Re: SameSite issues in Safari Browser (reference #RM5975)

From: Dave Page <dpage(at)pgadmin(dot)org>
To: Rahul Shirsat <rahul(dot)shirsat(at)enterprisedb(dot)com>
Cc: pgadmin-hackers <pgadmin-hackers(at)postgresql(dot)org>
Subject: Re: SameSite issues in Safari Browser (reference #RM5975)
Date: 2020-11-30 11:42:30
Message-ID: CA+OCxoxZCULg79P9QhBE8K65Cgnnz5Am2kyUK=7YSuftLB0thg@mail.gmail.com
Lists: pgadmin-hackers

Hi

On Mon, Nov 30, 2020 at 7:12 AM Rahul Shirsat <
rahul(dot)shirsat(at)enterprisedb(dot)com> wrote:

> Dave,
>
> There are issues discussed on Apple forums, check this out:
>
> https://developer.apple.com/forums/thread/129064 - The latest comment by
> the user here is one month ago, meaning the issue is still not fixed yet.
> https://developer.apple.com/forums/thread/658688 - Users facing this
> issue in v13.x
>
> Even WebKit has confirmed this issue:
> https://bugs.webkit.org/show_bug.cgi?id=198181 - Users facing this issue
> in v12.x
>

In that case, I think the answer (for now at least) is an FAQ, referencing
those issues and explaining how to resolve the issue using config_system.py
or by using a different browser.

Have we actually seen this issue in the wild?

>
> On Thu, Nov 26, 2020 at 6:57 PM Dave Page <dpage(at)pgadmin(dot)org> wrote:
>
>> Hi
>>
>> On Wed, Nov 25, 2020 at 10:37 AM Rahul Shirsat <
>> rahul(dot)shirsat(at)enterprisedb(dot)com> wrote:
>>
>>> Hi Dave,
>>>
>>> Due to SameSite security issues in Safari Browser, some of the pgadmin4
>>> functionality isn't working (mostly the new tab functionality).
>>>
>>> The affected Safari Browser versions (marked in red) currently tested
>>> upon are:
>>>
>>> 1. v11.1.2
>>> 2. v12.1
>>> 3. v12.1.1
>>> 4. 13.1
>>> 5. 14.0.1
>>>
>>> Since v12, Safari has made some security fixes, due to which this issue
>>> has occurred. Strangely, the issue is not reproducible on v13, but
>>> reproducible on its successor, i.e. v14.
>>>
>>> Possible solutions could be:
>>>
>>> 1. Reporting this to Safari & raising an RM for tracking purposes.
>>> 2. Suggesting that Safari users make the changes below in config.py or
>>> config_distro as a workaround:
>>>
>>> *SESSION_COOKIE_SAMESITE = None*
>>>
>>> *SESSION_COOKIE_SECURE = True*
>>> (As we aren't going through any cross-site cookie transfer, this can be
>>> a handy option - but still risky..)
>>>
>>> I would suggest going with the 1st option or combination of both, but
>>> with caution.
>>>
>>
>> Others must have come across this issue already. Is it a known bug,
>> documented somewhere (ideally on apple.com)?
>>
>> --
>> Dave Page
>> Blog: http://pgsnake.blogspot.com
>> Twitter: @pgsnake
>>
>> EDB: http://www.enterprisedb.com
>>
>>
>
> --
> *Rahul Shirsat*
> Software Engineer | EnterpriseDB Corporation.
>

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EDB: http://www.enterprisedb.com
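
Added example (not part of the original thread and not pgAdmin's code): a small check that renders the `Set-Cookie` value produced by the two settings quoted above and flags what each combination implies. It assumes the Flask convention that Python `None` omits the SameSite attribute; the cookie name, the sample settings dicts and the finding codes are constructed for illustration.

```python
from http.cookies import SimpleCookie

# Constructed settings; key names are those quoted in the thread.
BASELINE = {"SESSION_COOKIE_SAMESITE": "Lax", "SESSION_COOKIE_SECURE": False}
WORKAROUND = {"SESSION_COOKIE_SAMESITE": None, "SESSION_COOKIE_SECURE": True}
MISPAIRED = {"SESSION_COOKIE_SAMESITE": "None", "SESSION_COOKIE_SECURE": False}


def set_cookie_header(settings, name="session", value="opaque"):
    """Render the Set-Cookie value these settings would produce.
    Assumption: Python None means "omit the SameSite attribute" (the Flask
    convention), while the string "None" is sent literally. The cookie name
    and value are hypothetical.
    """
    jar = SimpleCookie()
    jar[name] = value
    morsel = jar[name]
    morsel["path"] = "/"
    morsel["httponly"] = True
    if settings["SESSION_COOKIE_SECURE"]:
        morsel["secure"] = True
    samesite = settings["SESSION_COOKIE_SAMESITE"]
    if samesite is not None:
        morsel["samesite"] = samesite
    return morsel.OutputString()


def audit(settings):
    """Return finding codes for a settings dict."""
    findings = []
    samesite = settings["SESSION_COOKIE_SAMESITE"]
    secure = settings["SESSION_COOKIE_SECURE"]
    if samesite is None:
        # No attribute on the wire: each browser applies its own default.
        findings.append("samesite-omitted")
    elif samesite.lower() == "none" and not secure:
        # Browsers that enforce the pairing drop this cookie.
        findings.append("samesite-none-without-secure")
    if secure:
        # Secure cookies are only sent over HTTPS, so the server must use TLS.
        findings.append("requires-https")
    else:
        findings.append("sent-over-plain-http")
    return findings


if __name__ == "__main__":
    for cfg in (BASELINE, WORKAROUND, MISPAIRED):
        print(set_cookie_header(cfg), audit(cfg))
```

The `requires-https` finding matters for the workaround: with `SESSION_COOKIE_SECURE = True` the session cookie is not returned over plain HTTP, so a deployment served without TLS would lose its session.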
