NEW 201646
Cookie sameSite Lax setting and .lan domains
https://bugs.webkit.org/show_bug.cgi?id=201646
Nathan
Reported 2019-09-10 09:04:24 PDT
I am uncertain if this is with WebKit or something deeper at the OS level. Our internal development environment uses the .lan TLD for all of our development servers. With the latest release of Safari and Mojave we have found that cookies are not being sent along by the browser with our AJAX calls when we have the sameSite setting set to Lax. If we don't set it then everything works as normal. This appears to be a bug as we are always on the same site when this issue occurs, so it is confusing why it would determine it should not send them along. We do not see this issue in our production systems where we are using a traditional .com TLD. It almost seems like the browser has determined .lan to not be 'safe enough' and therefore is not passing along the cookies like it should.
Nathan
Comment 1 2019-09-10 09:28:26 PDT
To clarify: same-domain AJAX GET requests are not sending the cookie for self-signed .lan TLDs.
Radar WebKit Bug Importer
Comment 2 2019-09-13 09:15:47 PDT
Martin
Comment 3 2020-03-16 08:27:31 PDT
Still reproducible on macOS 10.15.3 with Safari 13.0.5.