utils.setCookie needs to use Secure with SameSite=none #5011
Assignees
Comments
|
@jaiminpanchal27 - since you were the most recent person to touch these routines, please consider making this update to the central cookie functions https://javascript.info/cookie |
goosemanjack
added a commit
to InteractiveAdvertisingBureau/Prebid.js
that referenced
this issue
Apr 1, 2020
|
I have submitted a PR that makes this change in the new storageManager module. |
|
Closing this issue since the PR has been opened and partly reviewed. |
jsnellbaker
pushed a commit
that referenced
this issue
Apr 7, 2020
rjvelicaria
pushed a commit
to openx/Prebid.js
that referenced
this issue
Apr 9, 2020
…rebid#5064) * prebid#5011 Fix to set Secure attribute on cookie when SameSite=none * Minor change to use const instead of var per review request.
redaguermas
added a commit
to redaguermas/Prebid.js
that referenced
this issue
Apr 16, 2020
* 'master' of https://github.com/prebid/Prebid.js: (102 commits) Marsmedia - Add vastXml and fix id response (prebid#5067) PubMatic adapter to support image sync (prebid#5104) minor consentManagement fix (prebid#5050) fix circle ci failing tests (prebid#5113) Add Relaido Adapter (prebid#5101) Add new bid adapter for ConnectAd (prebid#4806) change payload (prebid#5105) Utils updates (prebid#5092) Read OpenRTB app objects if set in config + bug fix for when ad units are reloaded (prebid#5086) Criteo : added first party data mapping to bidder request (prebid#4954) updateAdGenerationManual (prebid#5032) New bid adapter: Wipes (prebid#5051) Prebid manager analytics utm tags (prebid#4998) CRITEO RTUS Integration with Yieldmo Prebid (prebid#5075) isSafariBrowser update (prebid#5077) Support min &max duration for onevideo (prebid#5079) increment pre version Prebid 3.15.0 release prebid#5011 Fix to set Secure attribute on cookie when SameSite=none (prebid#5064) Prebid adapter for windtalker (prebid#5040) ...
iggyfisk
pushed a commit
to happypancake/Prebid.js
that referenced
this issue
Jun 22, 2020
…rebid#5064) * prebid#5011 Fix to set Secure attribute on cookie when SameSite=none * Minor change to use const instead of var per review request.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Type of issue
Bug
Description
When a cookie is specified as 'none' for a value of SameSite the cookie should automatically be written with the Secure flag. Currently this produces a warning in Chrome as below:
digiTrustIdSystem.js:89 A cookie associated with a resource at http://prebid.local/ was set with
SameSite=Nonebut withoutSecure. It has been blocked, as Chrome now only delivers cookies markedSameSite=Noneif they are also markedSecure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5633521622188032.Steps to reproduce
Using the DigiTrust test page "integrationExamples/gpt/digitrust_simple.html" you will get the above warning. This is due to how utils.setCookie is behaving.
Test page
"integrationExamples/gpt/digitrust_simple.html" in source tree
Expected results
No warning. Cookie written with Secure option.
Actual results
Warning of impending doom.
The text was updated successfully, but these errors were encountered: