Use SameSite=Lax on frontend auth token cookie #14376

diox · 2020-05-25T15:15:46Z

While our sessionid cookie has SameSite=Lax, currently our frontend_auth_token cookie (that is not used directly by the API, but to pass the token to the frontend) doesn't. Let's unify that.

The text was updated successfully, but these errors were encountered:

diox · 2020-05-25T16:28:33Z

QA: make sure logging in and out still works (and that you're correctly logged in and out of frontend, devhub & code-manager at the same time).

AlexandraMoga · 2020-05-26T08:20:32Z

This issue is verified fixed on -dev with the following scenarios:

log in/log out in frontend => user log in/log out state is correctly propagated in devhub, rev tools and code-manager
log in/log out in devhub=> user log in/log out state is correctly propagated in frontend, rev tools and code-manager
log in/log out in rev tools=> user log in/log out state is correctly propagated in devhub, frontend and code-manager
log in/log out in code-manager=> user log in/log out state is correctly propagated in devhub, rev tools and frontend

diox added component:code_quality priority: p3 labels May 25, 2020

diox added this to the 2020.05.28 milestone May 25, 2020

diox self-assigned this May 25, 2020

diox mentioned this issue May 25, 2020

Pass SameSite=Lax to frontend auth token cookie #14377

Merged

diox closed this as completed in #14377 May 25, 2020

AlexandraMoga added the state:verified_fixed label May 26, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Use SameSite=Lax on frontend auth token cookie #14376

Use SameSite=Lax on frontend auth token cookie #14376

diox commented May 25, 2020

diox commented May 25, 2020

AlexandraMoga commented May 26, 2020

Use SameSite=Lax on frontend auth token cookie #14376

Use SameSite=Lax on frontend auth token cookie #14376

Comments

diox commented May 25, 2020

diox commented May 25, 2020

AlexandraMoga commented May 26, 2020