Bug 1891944
| Summary: | cockpit SameSite cookie attribute not present in Set-Cookie responses | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | jcalhoun |
| Component: | cockpit | Assignee: | Martin Pitt <mpitt> |
| Status: | CLOSED ERRATA | QA Contact: | Jan Ščotka <jscotka> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 8.2 | CC: | allison.karlitskaya |
| Target Milestone: | rc | Keywords: | Triaged |
| Target Release: | 8.4 | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-05-18 15:06:39 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Comment 2
Martin Pitt
2020-12-21 05:35:45 UTC
I read https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite now, and it's not actually going to break -- the default will change to "SameSite: Lax", and that's more than good enough for us. I think we should set it to "Strict" to avoid the warning. This is actually already in RHEL 8.4, I just forgot to add it to the erratum -- or rather, this was not pre-verified. I'll add it now. But Jan and I need to find some agreement how to do this handover now. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (cockpit bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2021:1684 |