
Cookie blocked in Chrome when embed in an iframe #1401


Closed
easychen opened this issue Mar 7, 2020 · 2 comments
Labels
enhancement Some improvement that isn't a feature

Comments

@easychen
Contributor

easychen commented Mar 7, 2020

Some users of my website report that login does not work when using code-server embedded in an iframe.

This seems to be related to the SameSite setting adjusted in the latest version of Chrome.

Is it possible to add an optional samesite option to setCookie to support use when embedded in iframes?

This adjustment only needs extra parameters added when calling setcookie, like:

setcookie ('cross-site-cookie', 'name', ['samesite' => 'None', 'secure' => true]);

Thanks.

@kylecarbs
Member

I think we could do this. cc: @code-asher

@code-asher
Member

We talked about changing this and decided to leave it at lax to have a better default defense against CSRFs. For anyone with this issue, I think we'd recommend making sure all parents and iframes have the same origin.

If the origin isn't the problem let me know the specific setup so we can investigate.
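
The trade-off discussed in this thread, as an added example that is not part of the issue or of code-server's own code: a simplified model of how Chrome 80+ decides whether to attach a cookie, showing why a Lax cookie is dropped inside a cross-site iframe and what `SameSite=None; Secure` changes. The function names, cookie name and sites are constructed, and sites are passed in as plain strings rather than derived from URLs.

```javascript
// Added example: simplified model of Chrome 80+ SameSite handling.
// Names, cookie value and sites are constructed for illustration.

// Build the Set-Cookie header a server would emit for a login cookie.
function buildSetCookie(name, value, { sameSite = "Lax", secure = false } = {}) {
  if (sameSite === "None" && !secure) {
    // Chrome rejects SameSite=None cookies that are not marked Secure.
    throw new Error("SameSite=None requires Secure");
  }
  const parts = [`${name}=${encodeURIComponent(value)}`, "Path=/", `SameSite=${sameSite}`];
  if (secure) parts.push("Secure");
  return parts.join("; ");
}

// Decide whether the browser attaches the cookie to a request.
//   topLevelSite       site of the page in the address bar
//   targetSite         site the request is sent to
//   topLevelNavigation true only if the request replaces the address-bar page
function browserSendsCookie(setCookie, ctx) {
  const attrs = setCookie.split("; ").slice(1).map((a) => a.toLowerCase());
  const found = attrs.find((a) => a.startsWith("samesite="));
  const sameSite = found ? found.split("=")[1] : "lax"; // missing attribute is treated as Lax
  const secure = attrs.includes("secure");
  if (secure && ctx.scheme !== "https") return false;
  if (ctx.topLevelSite === ctx.targetSite) return true; // same-site request
  if (sameSite === "none") return secure;
  // Lax: cross-site only on top-level navigations with a safe method (GET here).
  if (sameSite === "lax") return ctx.topLevelNavigation && ctx.method === "GET";
  return false; // Strict: never sent cross-site
}

// Constructed request contexts.
const crossSiteIframe = { topLevelSite: "portal.example", targetSite: "ide.example",
  topLevelNavigation: false, method: "GET", scheme: "https" };
const sameSiteIframe = { ...crossSiteIframe, topLevelSite: "ide.example" };
const crossSitePost = { ...crossSiteIframe, topLevelNavigation: true, method: "POST" };

const lax = buildSetCookie("session", "abc123", { sameSite: "Lax" });
const none = buildSetCookie("session", "abc123", { sameSite: "None", secure: true });

console.log("Lax, cross-site iframe:", browserSendsCookie(lax, crossSiteIframe));
console.log("Lax, same-site iframe:", browserSendsCookie(lax, sameSiteIframe));
console.log("Lax, cross-site form POST:", browserSendsCookie(lax, crossSitePost));
console.log("None+Secure, cross-site iframe:", browserSendsCookie(none, crossSiteIframe));
console.log("None+Secure, cross-site form POST:", browserSendsCookie(none, crossSitePost));
```

The last line shows the cost of the requested change: with `SameSite=None` the cookie is also attached to cross-site POSTs, so CSRF protection has to come from another mechanism.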

4 participants