Browser warning, cookie “wf” will be soon rejected

[Allan Streib]

I noticed the following warning in the console window of my browser while I was working on a Nitrogen site.

Cookie “wf” will be soon rejected because it has the “SameSite” attribute set to “None” or an invalid value, without the “secure” attribute. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite

In my poking around in the code, it looks like the SameSite attribute is just not implemented. It would take some changes to a couple of different record definitions and some code in at least simple_bridge and nitrogen.

Does this sound right? I can open an issue on Github if that would be helpful. Which project would be best?

Also, I don't seem to see anywhere that I can set the "secure" attibute for the cookie, which would be another way to work around this, according to the link mentioned above.

Thanks,

Allan

[12u...@gmail.com]

FWIW, after such a long time, this is how I do it :

* use nginx as a reverse proxy *with ssl set*,

* in the concerned block(s), add this line :    proxy_cookie_path     /    "/; secure; HttpOnly; SameSite=strict";

Jean-Yves