Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make sure to set secure flag when setting samesite none #15676

Merged
merged 1 commit into from Mar 11, 2020
Merged

Make sure to set secure flag when setting samesite none #15676

merged 1 commit into from Mar 11, 2020
+7 −1

Conversation

tsteur
Copy link
Member

@tsteur tsteur commented Mar 5, 2020

refs #15672
this PR will also need to be merged to fix #15672 matomo-org/tag-manager#229

@MichaelHeerklotz can you maybe also have a look at this PR

Not sure how to fallback when HTTPS is not used. Should we still set to None and assume it works for a while in some browsers that are not Chrome but eventually it'll fail? I suppose it's not quite a solution. I assume Lax maybe won't work so well for 3rd party tracking?

@tsteur tsteur added not-in-changelog For issues or pull requests that should not be included in our release changelog on matomo.org. Needs Review PRs that need a code review labels Mar 5, 2020
@tsteur tsteur added this to the 3.13.4 milestone Mar 5, 2020
@diosmosis
Copy link
Member

Lax doesn't work across domains so in this case we'd have to require https is used?

@tsteur
Copy link
Member Author

tsteur commented Mar 10, 2020

It would still work maybe if they use 3rd party cookies on same domains I suppose.

@diosmosis
Copy link
Member

👍 I guess it doesn't hurt to have it then. We may have to document the requirement to put matomo on https for some people then... Actually we shouldn't encourage using http. But that's not related to this issue, really.

@tsteur
Copy link
Member Author

tsteur commented Mar 11, 2020

We're recommending this here btw: https://matomo.org/blog/2020/02/new-cookie-behaviour-in-browsers-may-cause-regressions/

@diosmosis diosmosis merged commit 4d6d716 into 3.x-dev Mar 11, 2020
@diosmosis diosmosis deleted the cookiesamesite3rd branch March 11, 2020 09:14
jonasgrilleres pushed a commit to 1024pix/pix-analytics that referenced this pull request Sep 22, 2020
@tsteur @jonasgrilleres
Make sure to set secure flag when setting samesite none (matomo-org#1…
981778b 
…5676)
jbuget pushed a commit to 1024pix/pix-analytics that referenced this pull request Sep 26, 2020
@tsteur @jbuget
Make sure to set secure flag when setting samesite none (matomo-org#1…
3f37670 
…5676)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sgiehl sgiehl sgiehl approved these changes

Assignees
No one assigned
Labels
Needs Review PRs that need a code review not-in-changelog For issues or pull requests that should not be included in our release changelog on matomo.org.
Projects
None yet
Milestone
3.13.4
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@tsteur @diosmosis @sgiehl