public inbox for [email protected]  
From: Dave Page <[email protected]>
To: Rahul Shirsat <[email protected]>
Cc: pgadmin-hackers <[email protected]>
Subject: Re: SameSite issues in Safari Browser (reference #RM5975)
Date: Thu, 26 Nov 2020 13:27:06 +0000
Message-ID: <CA+OCxozMTrE-AFoei16-rzb5PNEqN7ZmJQ7wPGe=Ctwp4Tk02Q@mail.gmail.com> (raw)
In-Reply-To: <CAKtn9dNqZqKbOuwaE5Y94+_WG=NqTh+=oj1vYvdcbq7501b_NQ@mail.gmail.com>
References: <CAKtn9dNqZqKbOuwaE5Y94+_WG=NqTh+=oj1vYvdcbq7501b_NQ@mail.gmail.com>

Hi

On Wed, Nov 25, 2020 at 10:37 AM Rahul Shirsat <[email protected]> wrote:

> Hi Dave,
>
> Due to SameSite security issues in Safari Browser, some of the pgadmin4
> functionality isn't working (mostly the new tab functionality).
>
> The affected Safari Browser versions (marked in red) currently tested upon
> are:
>
>    1. v11.1.2
>    2. v12.1
>    3. v12.1.1
>    4. 13.1
>    5. 14.0.1
>
> Since v12, Safari has made some security fixes, due to which this issue
> has occurred. Strangely, the issue is not reproducible on v13, but is
> reproducible on its successor, i.e. v14.
>
> Possible solutions could be:
>
>    1. Reporting this to Safari & raising an RM for tracking purposes.
>    2. Suggesting that Safari users make the below changes in config.py or
>    config_distro as a workaround:
>
> *SESSION_COOKIE_SAMESITE = None*
>
> *SESSION_COOKIE_SECURE = True*
> (As we aren't going through any cross-site cookie transfer, this can be a
> handy option - but still risky..)
>
> I would suggest going with the 1st option or combination of both, but with
> caution.
>

Others must have come across this issue already. Is it a known bug,
documented somewhere (ideally on apple.com)?

-- 
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EDB: http://www.enterprisedb.com
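
The two settings quoted in the message above, as an added example (not pgAdmin's code and not part of the thread): it renders the resulting Set-Cookie value with Python's standard library and lists what each combination implies. The cookie name `sid`, the helper names and the sample configs are constructed; it assumes that a Python `None` leaves the SameSite attribute out, as Flask does, while the string `"None"` emits `SameSite=None`.

```python
from http.cookies import SimpleCookie

def set_cookie_header(cfg, name="sid", value="constructed-value"):
    """Render the Set-Cookie value a session cookie would get from cfg.

    Assumption: Python None omits the SameSite attribute (Flask behaviour);
    only the string "None" produces SameSite=None.
    """
    jar = SimpleCookie()
    jar[name] = value
    morsel = jar[name]
    morsel["path"] = "/"
    morsel["httponly"] = True
    if cfg.get("SESSION_COOKIE_SECURE"):
        morsel["secure"] = True
    samesite = cfg.get("SESSION_COOKIE_SAMESITE")
    if samesite is not None:
        morsel["samesite"] = samesite
    return morsel.OutputString()

def audit(cfg):
    """Return review findings for the SameSite/Secure pair in cfg."""
    samesite = cfg.get("SESSION_COOKIE_SAMESITE")
    secure = bool(cfg.get("SESSION_COOKIE_SECURE"))
    findings = []
    if samesite is None:
        findings.append("SameSite omitted: each browser applies its own default")
    elif samesite.lower() == "none":
        findings.append("SameSite=None: cookie rides on cross-site requests, "
                        "so CSRF tokens carry the whole defence")
        if not secure:
            findings.append("SameSite=None without Secure: browsers following "
                            "the updated cookie draft reject the cookie")
    if secure:
        findings.append("Secure: cookie is sent only over secure connections, "
                        "so a plain-HTTP deployment loses its session")
    return findings

# Constructed sample configs: the workaround exactly as written in the
# message (Python None), and the same idea spelled with the string "None".
AS_WRITTEN = {"SESSION_COOKIE_SAMESITE": None, "SESSION_COOKIE_SECURE": True}
STRING_NONE = {"SESSION_COOKIE_SAMESITE": "None", "SESSION_COOKIE_SECURE": True}

if __name__ == "__main__":
    for label, cfg in (("as written", AS_WRITTEN), ("string None", STRING_NONE)):
        print(label, "->", set_cookie_header(cfg))
        for finding in audit(cfg):
            print("   -", finding)
```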

