public inbox for [email protected]
From: Rahul Shirsat <[email protected]>
To: pgadmin-hackers <[email protected]>
Subject: SameSite issues in Safari Browser (reference #RM5975)
Date: Wed, 25 Nov 2020 16:07:12 +0530
Message-ID: <CAKtn9dNqZqKbOuwaE5Y94+_WG=NqTh+=oj1vYvdcbq7501b_NQ@mail.gmail.com>
Hi Dave,
Due to SameSite security issues in Safari Browser, some of the pgadmin4
functionality isn't working (mostly the new tab functionality).
The affected Safari Browser versions (marked in red) currently tested upon
are:
1. v11.1.2
2. v12.1
3. v12.1.1
4. 13.1
5. 14.0.1
Since v12, Safari has made some security fixes, due to which this issue
has occurred. Strangely, the issue is not reproducible on v13, but is
reproducible on its successor, i.e. v14.
Possible solutions could be:
1. Reporting this to Safari & raising an RM for tracking purposes.
2. Suggesting that Safari users make the below changes in config.py or
config_distro as a workaround:
*SESSION_COOKIE_SAMESITE = None*
*SESSION_COOKIE_SECURE = True*
(As we aren't going through any cross-site cookie transfer, this can be a
handy option - but still risky..)
I would suggest going with the 1st option or combination of both, but with
caution.
--
*Rahul Shirsat*
Software Engineer | EnterpriseDB Corporation.
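
An added example, not part of the original message and not pgAdmin code: it renders the Set-Cookie header that a given SESSION_COOKIE_SAMESITE / SESSION_COOKIE_SECURE pair would produce and lists what to check before relaxing the setting. It assumes Flask-style handling of these two keys (Python `None` omits the attribute, the string `"None"` emits `SameSite=None`); the function names, cookie name and cookie value are constructed for illustration.

```python
from http.cookies import SimpleCookie

def set_cookie_header(samesite, secure, name="session_example", value="constructed-id"):
    """Render the Set-Cookie value for a session cookie.

    Assumption: Flask-style semantics, where Python None omits the SameSite
    attribute and only the string "None" emits SameSite=None.
    """
    jar = SimpleCookie()
    jar[name] = value  # constructed cookie name and value
    morsel = jar[name]
    morsel["path"] = "/"
    morsel["httponly"] = True
    if secure:
        morsel["secure"] = True
    if samesite is not None:
        morsel["samesite"] = samesite
    return morsel.OutputString()

def audit(samesite, secure):
    """Return findings for a SESSION_COOKIE_SAMESITE / SESSION_COOKIE_SECURE pair."""
    findings = []
    if samesite is None:
        findings.append("SameSite omitted: each browser applies its own default")
    elif str(samesite).lower() == "none":
        if not secure:
            findings.append("SameSite=None without Secure: rejected by browsers "
                            "that enforce the Secure requirement")
        findings.append("cookie is sent on cross-site requests: keep CSRF tokens enforced")
    elif str(samesite).lower() not in ("lax", "strict"):
        findings.append(f"unrecognised SameSite value {samesite!r}")
    if not secure:
        findings.append("Secure not set: cookie is also sent over plain HTTP")
    return findings

if __name__ == "__main__":
    # Constructed setting pairs, including the pair proposed in the message.
    for samesite, secure in [(None, True), ("None", True), ("None", False), ("Lax", False)]:
        print(f"SAMESITE={samesite!r} SECURE={secure}")
        print("  Set-Cookie:", set_cookie_header(samesite, secure))
        for finding in audit(samesite, secure):
            print("  -", finding)
```

Comparing the `None` and `"None"` rows shows whether the header a browser receives actually carries `SameSite=None`, which is worth confirming in the browser's cookie inspector after changing the configuration.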