Skip to content

fix: proper SameSite=None in dev mode#3502

Merged
aeneasr merged 1 commit intomasterfrom
hperl/fix-dev-samesite-none
Apr 29, 2023
Merged

fix: proper SameSite=None in dev mode#3502
aeneasr merged 1 commit intomasterfrom
hperl/fix-dev-samesite-none

Conversation

@hperl
Copy link
Copy Markdown
Contributor

@hperl hperl commented Apr 26, 2023

Related issue(s)

Checklist

  • I have read the contributing guidelines.
  • I have referenced an issue containing the design document if my change
    introduces a new feature.
  • I am following the
    contributing code guidelines.
  • I have read the security policy.
  • I confirm that this pull request does not address a security
    vulnerability. If this pull request addresses a security vulnerability, I
    confirm that I got the approval (please contact
    [email protected]) from the maintainers to push
    the changes.
  • I have added tests that prove my fix is effective or that my feature
    works.
  • I have added or changed the documentation.

Further Comments

@hperl hperl requested a review from aeneasr as a code owner April 26, 2023 11:48
@hperl hperl requested a review from zepatrik April 26, 2023 11:48
@hperl hperl self-assigned this Apr 26, 2023
zepatrik
zepatrik reviewed Apr 26, 2023
View reviewed changes
Copy link
Copy Markdown
Member

@zepatrik zepatrik left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This could be a possible explanation: 921f8c2
Do we automatically set the cookies to not secure when in dev mode? In that case we need to change that as well, so they are always secure. Then none should work.

@codecov
Copy link
Copy Markdown

codecov bot commented Apr 26, 2023
edited
Loading

Codecov Report

Merging #3502 (c242591) into master (cf20054) will increase coverage by 0.02%.
The diff coverage is 100.00%.

❗ Current head c242591 differs from pull request most recent head 40c6ab3. Consider uploading reports for the commit 40c6ab3 to get more accurate results

@@            Coverage Diff             @@
##           master    #3502      +/-   ##
==========================================
+ Coverage   76.87%   76.89%   +0.02%     
==========================================
  Files         124      124              
  Lines        9175     9102      -73     
==========================================
- Hits         7053     6999      -54     
+ Misses       1673     1660      -13     
+ Partials      449      443       -6
Impacted Files Coverage Δ
driver/config/provider.go 82.75% <100.00%> (+0.76%) ⬆️

... and 2 files with indirect coverage changes

zepatrik
zepatrik previously approved these changes Apr 26, 2023
View reviewed changes
zepatrik
zepatrik reviewed Apr 26, 2023
View reviewed changes
Copy link
Copy Markdown
Member

@zepatrik zepatrik left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As discussed, we cannot assume an instance in dev mode is not using TLS. It is also not possible to tell in the service itself because the TLS connection might be terminated in a side-car or on the ingress level.

aeneasr
aeneasr reviewed Apr 26, 2023
View reviewed changes
@hperl hperl force-pushed the hperl/fix-dev-samesite-none branch from 696d962 to 40c6ab3 Compare April 27, 2023 07:49
@hperl hperl requested review from aeneasr and zepatrik April 27, 2023 07:53
@aeneasr aeneasr merged commit 5751fae into master Apr 29, 2023
@aeneasr aeneasr deleted the hperl/fix-dev-samesite-none branch April 29, 2023 15:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aeneasr aeneasr aeneasr approved these changes

@zepatrik zepatrik zepatrik approved these changes

Assignees

@hperl hperl

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@hperl @aeneasr @zepatrik