Cg disable samesite cookie #1870

Merged
merged 4 commits into from Mar 14, 2019

Conversation

2 participants
@chrisgilmerproj
Contributor

chrisgilmerproj commented Mar 14, 2019

Description

Follow on to #1852

SameSite 'strict' mode on our session cookie doesn't work with the Login.gov redirect cycle. Using 'lax' instead gives us better security while still allowing us to use Login.gov appropriately.

Code Review Verification Steps

  • Tested in the Experimental environment (for changes to containers, app startup, or connection to data stores)
  • Request review from a member of a different team.

References

@chrisgilmerproj chrisgilmerproj self-assigned this Mar 14, 2019

@chrisgilmerproj chrisgilmerproj requested review from rdhariwal, stangah and kimallen Mar 14, 2019

@stangah
Contributor

stangah left a comment

lgtm!

@stangah
Contributor

stangah left a comment

oh wait it doesn't need to be merged. ABORT ABORT

@codecov


codecov bot commented Mar 14, 2019

Codecov Report

Merging #1870 into master will not change coverage.
The diff coverage is 100%.

@@           Coverage Diff           @@
##           master    #1870   +/-   ##
=======================================
  Coverage   49.58%   49.58%           
=======================================
  Files         430      430           
  Lines       18499    18499           
  Branches     1632     1632           
=======================================
  Hits         9172     9172           
  Misses       8523     8523           
  Partials      804      804

chrisgilmerproj added some commits Mar 14, 2019

Revert "Deploy to experimental"
This reverts commit 0da9d15.

@chrisgilmerproj chrisgilmerproj marked this pull request as ready for review Mar 14, 2019

@stangah
Contributor

stangah left a comment

🚢

@chrisgilmerproj chrisgilmerproj merged commit 4687865 into master Mar 14, 2019

18 of 19 checks passed

Codacy/PR Quality Review Hang in there, Codacy is reviewing your Pull request.
ci/circleci: acceptance_tests_experimental Your tests passed on CircleCI!
ci/circleci: acceptance_tests_local Your tests passed on CircleCI!
ci/circleci: acceptance_tests_staging Your tests passed on CircleCI!
ci/circleci: build_app Your tests passed on CircleCI!
ci/circleci: build_migrations Your tests passed on CircleCI!
ci/circleci: build_tools Your tests passed on CircleCI!
ci/circleci: client_test Your tests passed on CircleCI!
ci/circleci: client_test_coverage Your tests passed on CircleCI!
ci/circleci: integration_tests_mymove Your tests passed on CircleCI!
ci/circleci: integration_tests_office Your tests passed on CircleCI!
ci/circleci: integration_tests_tsp Your tests passed on CircleCI!
ci/circleci: pre_deps_golang Your tests passed on CircleCI!
ci/circleci: pre_deps_yarn Your tests passed on CircleCI!
ci/circleci: pre_test Your tests passed on CircleCI!
ci/circleci: server_test Your tests passed on CircleCI!
ci/circleci: server_test_coverage Your tests passed on CircleCI!
codecov/patch 100% of diff hit (target 49.58%)
codecov/project 49.58% (+0%) compared to 379b766

@chrisgilmerproj chrisgilmerproj deleted the cg_disable_samesite_cookie branch Mar 14, 2019
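
The behaviour the PR description relies on, as an added Go example that is not part of this pull request or the project's code: a simplified model of when a browser attaches a session cookie under SameSite=Strict versus SameSite=Lax. The cookie name, the four scenarios and the reduced rule set (site comparison as a boolean, GET and HEAD as the safe methods) are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
)

// request is the context a browser evaluates before attaching a cookie.
type request struct {
	name, method string
	crossSite    bool // initiating site differs from the cookie's site
	topLevel     bool // navigation that changes the address-bar URL
}

// Constructed scenarios; only the first is the flow this PR is about.
var (
	loginReturn = request{"redirect back from identity provider", "GET", true, true}
	crossPost   = request{"form POST from another site", "POST", true, true}
	embedded    = request{"image or iframe on another site", "GET", true, false}
	sameSite    = request{"click inside the app", "GET", false, true}
)

// sessionCookie builds a session cookie; name and value are hypothetical.
func sessionCookie(mode http.SameSite) *http.Cookie {
	return &http.Cookie{Name: "session_token", Value: "constructed", Path: "/",
		Secure: true, HttpOnly: true, SameSite: mode}
}

var strict, lax = sessionCookie(http.SameSiteStrictMode), sessionCookie(http.SameSiteLaxMode)

// browserSends models the SameSite attachment rule for one request.
func browserSends(c *http.Cookie, r request) bool {
	if !r.crossSite {
		return true // same-site requests always carry the cookie
	}
	switch c.SameSite {
	case http.SameSiteStrictMode:
		return false // never sent on any cross-site request
	case http.SameSiteLaxMode: // top-level navigation with a safe method only
		return r.topLevel && (r.method == http.MethodGet || r.method == http.MethodHead)
	default:
		return true // None or unset: not restricted in this model
	}
}

func main() {
	fmt.Println(strict, "|", lax) // the two Set-Cookie header values
	for _, r := range []request{loginReturn, crossPost, embedded, sameSite} {
		fmt.Printf("%-38s strict=%-5v lax=%v\n", r.name, browserSends(strict, r), browserSends(lax, r))
	}
}
```

In this model only the redirect back from the external login page differs between the two modes; the cross-site POST and embedded-request cases stay blocked under Lax.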
