🐛 Fix SameSite=None cookie #4136

Merged
merged 2 commits into from
May 18, 2021
6 changes: 3 additions & 3 deletions docs/configuration/config_yaml.rst
Expand Up @@ -904,9 +904,9 @@ Use the following settings to configure the server:

# Settings for further configuration of the cookies that OctoPrint sets (login, remember me, ...)
cookies:
# SameSite setting to use on the cookies. Possible values are None, Lax and Strict. Defaults to None but
# be advised that browsers will soon force this to Lax unless also being set as Secure and served over
# https, which will cause issues with embedding OctoPrint in frames.
# SameSite setting to use on the cookies. Possible values are None, Lax and Strict. Defaults to not set but
# be advised that many browsers now default to Lax unless set as Secure, explicitly setting the cookie type
# here and served over https, which causes issues with embedding OctoPrint in frames.
#
# See also https://www.chromestatus.com/feature/5088147346030592,
# https://www.chromestatus.com/feature/5633521622188032 and issue #3482
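
Review bot: The reworded comment under `cookies:` (the new "Defaults to not set ..." sentence) is hard to parse: "unless set as Secure, explicitly setting the cookie type here and served over https" runs three conditions into one clause, and it is unclear which of them "causes issues with embedding OctoPrint in frames". Suggest splitting it into separate statements: the setting is unset by default; browsers treat an unset SameSite as Lax, which is what breaks embedding in frames; to embed, set the value to None explicitly, mark the cookie Secure and serve over https. It would also help to state that leaving the key out and setting it to None now yield different cookies, since "Possible values are None, Lax and Strict" can be read as if None were still the default.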
6 changes: 4 additions & 2 deletions src/octoprint/server/util/flask.py
Expand Up @@ -567,8 +567,10 @@ def set_cookie(self, key, *args, **kwargs):
if samesite is not None:
samesite = samesite.lower()
if samesite == "none":
samesite = None
if samesite not in (None, "strict", "lax"):
# Must be string "None"
samesite = "None"
if samesite not in ("None", "strict", "lax"):
# If NoneType, the cookie is not set
samesite = None
kwargs["samesite"] = samesite
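
Review bot: The final branch, `if samesite not in ("None", "strict", "lax")`, silently turns any unrecognised value into `None`, so a typo in the configuration falls back to the browser default with no trace; consider logging a warning there when the configured value was not `None` to begin with. The comment `# If NoneType, the cookie is not set` is also inaccurate as worded: the cookie is still set, only the SameSite attribute is left off. Separately, nothing in this hunk ties the `"None"` value to the `secure` flag, while the documentation comment in this same change says browsers fall back to Lax unless the cookie is also Secure, so it is worth confirming that `set_cookie` handles that pairing elsewhere or spelling out the requirement for the operator.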

2 changes: 1 addition & 1 deletion tests/server/util/test_flask.py
Expand Up @@ -503,7 +503,7 @@ def tearDown(self):

@data(
[None, None, False, None, None],
[None, None, False, "none", None],
[None, None, False, "none", "None"],
[None, None, False, "lax", "lax"],
[None, None, False, "StRiCt", "strict"],
[None, None, False, "INVALID", None],
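
Review bot: Only the lowercase `"none"` row changes here, so the new `"None"` path has no mixed-case coverage the way `"StRiCt"` covers `strict`. Add a row with a differently cased input, for example `[None, None, False, "NoNe", "None"]` (following the column pattern of the existing rows), so that the `lower()` normalisation followed by the re-capitalisation to `"None"` is pinned down by a test.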