Bug 201646
Summary: | Cookie sameSite Lax setting and .lan domains | | |
---|---|---|---|
Product: | WebKit | Reporter: | Nathan <ngoff> |
Component: | New Bugs | Assignee: | Nobody <webkit-unassigned> |
Status: | NEW | | |
Severity: | Major | CC: | achristensen, ap, beidson, cbilling, cemilekenel, eljawara79, martin.foucek, m.kurz+webkitbugs, webkit-bug-importer, wilander |
Priority: | P2 | Keywords: | InRadar |
Version: | Safari 12 | | |
Hardware: | Mac | | |
OS: | macOS 10.14 | | |
See Also: | https://bugs.webkit.org/show_bug.cgi?id=265634 | | |
Nathan
I am uncertain if this is with WebKit or something deeper at the OS level. Our internal development environment uses the .lan TLD for all of our development servers. With the latest release of Safari and Mojave we have found that cookies are not being sent along by the browser with our AJAX calls when we have the sameSite setting set to Lax. If we don't set it, then everything works as normal. This appears to be a bug as we are always on the same site when this issue occurs, so it is confusing why it would determine it should not send them along. We do not see this issue in our production systems where we are using a traditional .com TLD. It almost seems like the browser has determined .lan to not be 'safe enough' and therefore is not passing along the cookies like it should.
Nathan
To clarify: same-domain AJAX GET requests are not sending the cookie for self-signed .lan TLDs
Radar WebKit Bug Importer
<rdar://problem/55341130>
Martin
Still reproducible on macOS 10.15.3 with Safari 13.0.5.
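
The same-site determination the reporter expects, written out as an added example (not WebKit code and not part of this report): it compares registrable domains the way the SameSite rules do, using the Public Suffix List default rule for TLDs the list does not contain, such as .lan. The host names, the two-entry suffix set and the function names are constructed for illustration, and scheme is ignored.

```javascript
// Constructed, tiny stand-in for the Public Suffix List (normal rules only;
// the real list also has wildcard and exception rules, not handled here).
const SAMPLE_SUFFIXES = new Set(["com", "co.uk"]);

// Registrable domain = public suffix plus one label to its left.
// When no listed rule matches, the PSL default rule "*" applies, so the
// last label alone (e.g. "lan") is treated as the public suffix.
function registrableDomain(host, suffixes = SAMPLE_SUFFIXES) {
  const labels = host.toLowerCase().replace(/\.$/, "").split(".");
  if (labels.some((l) => l === "")) return null;             // malformed host
  if (/^\d+$/.test(labels[labels.length - 1])) return null;  // IPv4 literal
  let suffixLen = 1;                                         // default rule "*"
  for (let i = 0; i < labels.length; i++) {
    if (suffixes.has(labels.slice(i).join("."))) {           // longest match first
      suffixLen = labels.length - i;
      break;
    }
  }
  if (labels.length <= suffixLen) return null;               // host is itself a suffix
  return labels.slice(-(suffixLen + 1)).join(".");
}

// Same-site comparison: equal registrable domains, or identical hosts when
// either side has none (IP addresses, single-label names).
function isSameSite(pageUrl, requestUrl) {
  const a = new URL(pageUrl).hostname;
  const b = new URL(requestUrl).hostname;
  const ra = registrableDomain(a);
  const rb = registrableDomain(b);
  if (ra === null || rb === null) return a === b;
  return ra === rb;
}

// A SameSite=Lax cookie is expected on a script-initiated (XHR/fetch)
// request only when that request is same-site with the page making it.
function laxCookieExpected(pageUrl, requestUrl) {
  return isSameSite(pageUrl, requestUrl);
}

// Constructed hosts: same host, sibling host, and a different .lan site.
console.log(laxCookieExpected("https://app.dev.lan/", "https://app.dev.lan/api/items"));
console.log(laxCookieExpected("https://app.dev.lan/", "https://api.dev.lan/items"));
console.log(laxCookieExpected("https://app.dev.lan/", "https://app.other.lan/items"));
```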