utils.setCookie needs to use Secure with SameSite=none #5011
Comments
@jaiminpanchal27 - since you were the most recent person to touch these routines, please consider making this update to the central cookie functions https://javascript.info/cookie
I have submitted a PR that makes this change in the new storageManager module.
Closing this issue since the PR has been opened and partly reviewed.
…rebid#5064) * prebid#5011 Fix to set Secure attribute on cookie when SameSite=none * Minor change to use const instead of var per review request.
Type of issue
Bug
Description
When a cookie is specified as 'none' for a value of SameSite the cookie should automatically be written with the Secure flag. Currently this produces a warning in Chrome as below:
digiTrustIdSystem.js:89 A cookie associated with a resource at http://prebid.local/ was set with SameSite=None but without Secure. It has been blocked, as Chrome now only delivers cookies marked SameSite=None if they are also marked Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5633521622188032.
Steps to reproduce
Using the DigiTrust test page "integrationExamples/gpt/digitrust_simple.html" you will get the above warning. This is due to how utils.setCookie is behaving.
Test page
"integrationExamples/gpt/digitrust_simple.html" in source tree
Expected results
No warning. Cookie written with Secure option.
Actual results
Warning of impending doom.
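
The behaviour requested in this issue, as an added example that is not part of the original issue and is not Prebid.js code: `buildCookieString` and `findSameSiteIssues` are hypothetical helpers, and the cookie names and values are constructed samples. The first forces `Secure` whenever `SameSite=None` is requested; the second flags cookie strings that would trigger the Chrome warning quoted above.

```javascript
// Added example: hypothetical helpers, not Prebid.js code.
// Builds a document.cookie-style string and enforces the rule from this issue:
// Chrome only delivers SameSite=None cookies that are also marked Secure.
function buildCookieString(name, value, opts = {}) {
  const parts = [`${encodeURIComponent(name)}=${encodeURIComponent(value)}`];
  if (opts.expires) parts.push(`expires=${opts.expires}`);
  parts.push(`path=${opts.path || '/'}`);
  if (opts.domain) parts.push(`domain=${opts.domain}`);

  let secure = Boolean(opts.secure);
  if (opts.sameSite) {
    const mode = String(opts.sameSite).toLowerCase();
    if (!['strict', 'lax', 'none'].includes(mode)) {
      throw new Error(`unknown SameSite value: ${opts.sameSite}`);
    }
    // Normalise capitalisation, e.g. 'none' -> 'None'.
    parts.push(`SameSite=${mode[0].toUpperCase()}${mode.slice(1)}`);
    // The fix requested here: SameSite=None always implies Secure.
    if (mode === 'none') secure = true;
  }
  if (secure) parts.push('Secure');
  return parts.join('; ');
}

// Parses the attributes of a cookie string and reports the condition
// that Chrome warns about (SameSite=None with no Secure attribute).
function findSameSiteIssues(cookieString) {
  const attrs = new Map();
  cookieString.split(';').slice(1).forEach((chunk) => {
    const [key, ...rest] = chunk.trim().split('=');
    if (key) attrs.set(key.toLowerCase(), rest.join('=').trim().toLowerCase());
  });
  const issues = [];
  if (attrs.get('samesite') === 'none' && !attrs.has('secure')) {
    issues.push('SameSite=None without Secure');
  }
  return issues;
}

// Constructed sample inputs: one built with the fix, one written the old way.
const fixed = buildCookieString('sample_id', 'abc 123', { sameSite: 'none' });
const legacy = 'sample_id=abc; path=/; SameSite=None';
console.log(fixed, findSameSiteIssues(fixed));
console.log(legacy, findSameSiteIssues(legacy));
```

Browsers accept `Secure` cookies only from pages loaded over HTTPS, so the test page has to be served over HTTPS for the cookie to be stored.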