[Seaside-dev] Cookie tracking and SameSite setting
Max Leske
maxleske at gmail.com
Tue Dec 1 20:18:06 UTC 2020
Hi Esteben,
Interesting case. I guess we didn't think about that. Usually you wouldn't want to share the tracking cookie with another domain but that might be a valid case
This should probably be solved by updating the configurations (which can be tough), so if you feel up to it we'd appreciate a PR with such a change.
Cheers,
Max
On 28 Nov 2020, at 19:25, Esteban Maringolo wrote:
> Hi all,
>
> I have an application that has a Cookie based tracking strategy, but
> given that the SameSite setting is hardcoded to be 'Strict' it forbids
> (and actually breaks) the behavior of my Seaside app when it is
> embedded into an <iframe> in a third party domain.
>
> Should this SameSite setting be configurable somehow?
>
> The only way I found to do this was by subclassing the tracking strategy class.
>
> Regards,
>
> Esteban A. Maringolo
> _______________________________________________
> seaside-dev mailing list
> seaside-dev at lists.squeakfoundation.org
> http://lists.squeakfoundation.org/mailman/listinfo/seaside-dev
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.squeakfoundation.org/pipermail/seaside-dev/attachments/20201201/b06265e6/attachment.sig>
More information about the seaside-dev
mailing list