| From: | Dave Page <dpage(at)pgadmin(dot)org> |
|---|---|
| To: | Rahul Shirsat <rahul(dot)shirsat(at)enterprisedb(dot)com> |
| Cc: | pgadmin-hackers <pgadmin-hackers(at)postgresql(dot)org> |
| Subject: | Re: SameSite issues in Safari Browser (reference #RM5975) |
| Date: | 2020-11-26 13:27:06 |
| Message-ID: | CA+OCxozMTrE-AFoei16-rzb5PNEqN7ZmJQ7wPGe=Ctwp4Tk02Q@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgadmin-hackers |
Hi
On Wed, Nov 25, 2020 at 10:37 AM Rahul Shirsat <
rahul(dot)shirsat(at)enterprisedb(dot)com> wrote:
> Hi Dave,
>
> Due to SameSite security issues in Safari Browser, some of the pgadmin4
> functionality isn't working (mostly the new tab functionality).
>
> The affected Safari Browser versions (marked in red) currently tested upon
> are:
>
> 1. v11.1.2
> 2. v12.1
> 3. v12.1.1
> 4. 13.1
> 5. 14.0.1
>
> Since v12, Safari have done some security fixes, due to which this issue
> has occurred. Strangely, the issue is not reproducible on v13, but
> reproducible on its successor i.e. v14
>
> Possible solutions could be:
>
> 1. Reporting this to Safari & raising an RM for tracking purposes.
> 2. Suggesting Safari users to make below changes in config.py or
> config_distro for the work around:
>
> *SESSION_COOKIE_SAMESITE = None*
>
> *SESSION_COOKIE_SECURE = True*
> (As we aren't going through any cross-site cookie transfer, this can be a
> handy option - but still risky..)
>
> I would suggest going with the 1st option or combination of both, but with
> caution.
>
Others must have come across this issue already. Is it a known bug,
documented somewhere (ideally on apple.com)?
--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Rahul Shirsat | 2020-11-30 07:11:42 | Re: SameSite issues in Safari Browser (reference #RM5975) |
| Previous Message | Dave Page | 2020-11-26 13:26:02 | Re: Unable to download macros query results (reference #RM5965) |