Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Default behaviour works fine for Safari, Chrome and Firefox. But can Microsoft edge be added to this list? #27

Open
w-A-L-L-e opened this issue Jul 14, 2021 · 6 comments
Open

Default behaviour works fine for Safari, Chrome and Firefox. But can Microsoft edge be added to this list? #27

w-A-L-L-e opened this issue Jul 14, 2021 · 6 comments

Comments

@w-A-L-L-e
Copy link

w-A-L-L-e commented Jul 14, 2021
edited
Loading

I see there is a user agent to pin down behaviour to one browser using a regex.
However we want to leave the default behaviour and just add one extra browser: microsoft edge (it also change the cookie to lax and has to get similar patch as with chrome where we change it to same_site=none instead).

What is the easiest way to accomplish this using the gem? Do I need to monkey patch the UserAgentChecker?

https://docs.microsoft.com/en-us/microsoft-edge/web-platform/site-impacting-changes
@pschinis
Copy link
Owner

If you're saying you want to set the SameSite=None only for Microsoft Edge and have the gem do nothing for other browsers, that's exactly what the user_agent_regex configuration does. If you want to exclude Microsoft Edge you can also do that by creating a regex that just matches all non-Edge browsers. Does that answer your question?

@w-A-L-L-e
Copy link
Author

Thanks for the reply. No it's a bit different: we want to keep the current behaviour and include Microsoft Edge.
Basically with the gem added everything now works correctly for Chrome+Safari but not yet for Microsoft Edge. Edge also needs the adding of SameSite=None as they followed the same samesite=Lax change that chrome applied earlier this year.

@pschinis
Copy link
Owner

The gem should currently be working for Microsoft Edge, if it's not that's a bug. I just tested with Edge 91.0.864.70 on Mac OS 11.4 and it set the SameSite=None directive. If you're not seeing that, make sure you're testing over https first and that you don't have a regex that's preventing it. If you're still not seeing SameSite=None can you provide more details about your setup?

@w-A-L-L-e
Copy link
Author

The user reports under windows 10 it doesnt work with microsoft edge. I asked for the user agent string and got this back as reply:

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Edg/91.0.864.67

So Im guessing this is the one not working.
He reports the cookie is still of type SameSite=Lax.
(And it works fine for myself under macos also using chrome and safari and even firefox).

@pschinis
Copy link
Owner

I plugged this user agent string in as a test case and it seems to be working so I'm not really sure what might be going on here. The gem only sets SameSite=None if the SameSite directive isn't already set. Is it possible that your application or some other middleware is manually setting SameSite=Lax somewhere?

@w-A-L-L-e
Copy link
Author

No, as also it works fine under macOS. I will reply in my jira ticket that it should work. Maybe the user is experiencing some kind of caching of his cookie?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@w-A-L-L-e @pschinis