From: Dave Page <[email protected]>
To: Rahul Shirsat <[email protected]>
Cc: pgadmin-hackers <[email protected]>
Subject: Re: SameSite issues in Safari Browser (reference #RM5975)
Date: Mon, 30 Nov 2020 11:42:30 +0000
Message-ID: <CA+OCxoxZCULg79P9QhBE8K65Cgnnz5Am2kyUK=7YSuftLB0thg@mail.gmail.com> (raw)
In-Reply-To: <CAKtn9dPCUa_kbA=ViTS+hHZ2PxxQ54SVE5G1YdkTPxoZxxwbgw@mail.gmail.com>
References: <CAKtn9dNqZqKbOuwaE5Y94+_WG=NqTh+=oj1vYvdcbq7501b_NQ@mail.gmail.com>
<CA+OCxozMTrE-AFoei16-rzb5PNEqN7ZmJQ7wPGe=Ctwp4Tk02Q@mail.gmail.com>
<CAKtn9dPCUa_kbA=ViTS+hHZ2PxxQ54SVE5G1YdkTPxoZxxwbgw@mail.gmail.com>
Hi
On Mon, Nov 30, 2020 at 7:12 AM Rahul Shirsat <
[email protected]> wrote:
> Dave,
>
> There are issues discussed on Apple forums, check this out:
>
> https://developer.apple.com/forums/thread/129064 - The latest comment by
> the user here is one month ago, meaning the issue is still not fixed yet.
> https://developer.apple.com/forums/thread/658688 - Users facing this
> issue in v13.x
>
> Even WebKit has confirmed this issue:
> https://bugs.webkit.org/show_bug.cgi?id=198181 - Users facing this issue
> in v12.x
>
In that case, I think the answer (for now at least) is an FAQ, referencing
those issues and explaining how to resolve the issue using config_system.py
or by using a different browser.
Have we actually seen this issue in the wild?
>
> On Thu, Nov 26, 2020 at 6:57 PM Dave Page <[email protected]> wrote:
>
>> Hi
>>
>> On Wed, Nov 25, 2020 at 10:37 AM Rahul Shirsat <
>> [email protected]> wrote:
>>
>>> Hi Dave,
>>>
>>> Due to SameSite security issues in Safari Browser, some of the pgadmin4
>>> functionality isn't working (mostly the new tab functionality).
>>>
>>> The affected Safari Browser versions (marked in red) currently tested
>>> upon are:
>>>
>>> 1. v11.1.2
>>> 2. v12.1
>>> 3. v12.1.1
>>> 4. 13.1
>>> 5. 14.0.1
>>>
>>> Since v12, Safari has made some security fixes, due to which this issue
>>> has occurred. Strangely, the issue is not reproducible on v13, but is
>>> reproducible on its successor, i.e. v14.
>>>
>>> Possible solutions could be:
>>>
>>> 1. Reporting this to Safari & raising an RM for tracking purposes.
>>> 2. Suggesting that Safari users make the changes below in config.py or
>>> config_distro as a workaround:
>>>
>>> *SESSION_COOKIE_SAMESITE = None*
>>>
>>> *SESSION_COOKIE_SECURE = True*
>>> (As we aren't going through any cross-site cookie transfer, this can be
>>> a handy option - but still risky..)
>>>
>>> I would suggest going with the 1st option or combination of both, but
>>> with caution.
>>>
>>
>> Others must have come across this issue already. Is it a known bug,
>> documented somewhere (ideally on apple.com)?
>>
>> --
>> Dave Page
>> Blog: http://pgsnake.blogspot.com
>> Twitter: @pgsnake
>>
>> EDB: http://www.enterprisedb.com
>>
>>
>
> --
> *Rahul Shirsat*
> Software Engineer | EnterpriseDB Corporation.
>
--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake
EDB: http://www.enterprisedb.com