Unverified Commit 03e41dfe authored by Nils Diefenbach, committed by GitHub

TNL-7608 - Add Note about ``ngrok`` usage. (#111)

As stated by @giovannicimolin:

  Due to a recent change in `Chrome`_ and `Firefox`_
  and the way they handle cookies, it’s not possible
  to access cookies marked as ``SameSite=None`` if
  they are not also Secure.

  This is to help avoid a few CSRF attacks.

  Secure cookies are only available when the request
  is done through `HTTPS`_, which is not the case on
  the devstack.

The workaround for this behaviour is to set
``DCS_SESSION_COOKIE_SAMESITE`` from ``'Lax'``
to ``None`` in the studio container's ``devstack.py``,
when using tools such as ``ngrok``.

This commit adds a note about this to the ``README.rst``
of the repository.

.. _Chrome:: https://twitter.com/ChromiumDev/status/1293236234932846596
.. _Firefox:: https://hacks.mozilla.org/2020/08/changes-to-samesite-cookie-behavior/
.. See ``Secure`` Attribute as a reference
.. _HTTPS:: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie
parent 33bb7c78
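
The two cookie rules quoted in the commit message can be checked mechanically against ``Set-Cookie`` header values. The Python below is an added example, not code from this commit or repository; the function names, cookie names and header lines are constructed for illustration.

```python
# Added example: flag Set-Cookie values that break the rules quoted above.
# All names and sample headers here are constructed, not from the repository.

NONE_WITHOUT_SECURE = "SameSite=None without Secure"
SECURE_OVER_HTTP = "Secure cookie on a non-HTTPS origin"


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, {lowercased attribute: value})."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, _value = first.partition("=")
    attrs = {}
    for part in rest:
        if not part:
            continue  # tolerate a trailing ';'
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def audit(header, scheme):
    """Return (cookie name, findings) for a cookie served over `scheme`."""
    name, attrs = parse_set_cookie(header)
    secure = "secure" in attrs  # Secure is a flag attribute with no value
    samesite = attrs.get("samesite", "").lower()
    findings = []
    if samesite == "none" and not secure:
        findings.append(NONE_WITHOUT_SECURE)
    if secure and scheme.lower() != "https":
        findings.append(SECURE_OVER_HTTP)
    return name, findings


if __name__ == "__main__":
    # Constructed sample headers, as a plain-HTTP development server might send.
    samples = [
        "sessionid=abc123; Path=/; HttpOnly; SameSite=Lax",
        "sessionid=abc123; Path=/; HttpOnly; SameSite=None",
        "sessionid=abc123; Path=/; HttpOnly; SameSite=None; Secure",
    ]
    for header in samples:
        name, findings = audit(header, "http")
        print(name, "->", findings or "ok")
```
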