Issue cookies with the same-site flag

Description

Cookies should have SameSite=None to allow wikis with custom domains (e.g. scp-wiki.net, kontainer.djkakt.us) to be accepted.

Activity

aismallard
3 days ago

We’ll need to do more research for figuring out how exactly SameSite should be issued, especially as the codebase evolves. Lowering priority, will revisit later.

aismallard
January 9, 2021, 9:38 PM

I was rereading the Chrome docs just now, and I think you only need to set SameSite if the cookie is for custom domains. So check if SNI matches the wikijump wildcard and do it based on that?

Though I don’t see a lot of downside to just always specifying the cookies must be SameSite=None; Secure? (or at least just the Secure flag)

bluesoul
January 9, 2021, 9:32 PM

I want to continue working with the finer details of my setsecurecookie() function to determine when you should be using the SameSite flag. I’ve been setting it everywhere and I’d like to tighten that scope a little.
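
A sketch of the host-based decision discussed in the comments above, as an added example that is not Wikijump's code. `PLATFORM_DOMAIN` (`wikijump.example`) and all function names are hypothetical, and the request host and HTTPS state are assumed to be supplied by the server.

```python
# Added example; PLATFORM_DOMAIN and every function name here are hypothetical.
PLATFORM_DOMAIN = "wikijump.example"  # stand-in for the platform's wildcard domain


def is_platform_host(host: str) -> bool:
    """True if host is the platform domain or one of its subdomains."""
    name = host.strip().lower()
    if name.startswith("["):  # bracketed IPv6 literal, never a platform host
        return False
    # Drop an optional port and a trailing root dot before comparing.
    name = name.split(":", 1)[0].rstrip(".")
    # Match on a label boundary so "evilwikijump.example" does not pass.
    return name == PLATFORM_DOMAIN or name.endswith("." + PLATFORM_DOMAIN)


def cookie_attributes(host: str, is_https: bool) -> dict:
    """Choose Secure/SameSite for a session cookie from the request host."""
    attrs = {"Path": "/", "HttpOnly": True, "Secure": is_https}
    # SameSite=None is only issued for custom domains, and only over HTTPS:
    # browsers reject SameSite=None cookies that lack the Secure attribute.
    if not is_platform_host(host) and is_https:
        attrs["SameSite"] = "None"
    # Otherwise SameSite is omitted and the browser default applies.
    return attrs


def set_cookie_header(name: str, value: str, host: str, is_https: bool) -> str:
    """Render the Set-Cookie header value for the chosen attributes."""
    parts = [f"{name}={value}"]
    for key, val in cookie_attributes(host, is_https).items():
        if val is True:
            parts.append(key)            # flag attribute, e.g. Secure
        elif val is not False:
            parts.append(f"{key}={val}")  # key=value attribute
    return "; ".join(parts)


if __name__ == "__main__":
    # Constructed sample requests: (host, is_https)
    for host, tls in [("scp-wiki.net", True), ("www.wikijump.example", True),
                      ("scp-wiki.net", False)]:
        print(host, "->", set_cookie_header("sid", "abc", host, tls))
```
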

Assignee

bluesoul

Reporter

aismallard

Components

None

Epic Link

Priority

Low