Re: SameSite issues in Safari Browser (reference #RM5975)

From: Rahul Shirsat <rahul(dot)shirsat(at)enterprisedb(dot)com>
To: Dave Page <dpage(at)pgadmin(dot)org>
Cc: pgadmin-hackers <pgadmin-hackers(at)postgresql(dot)org>
Subject: Re: SameSite issues in Safari Browser (reference #RM5975)
Date: 2020-11-30 14:00:04
Message-ID: CAKtn9dP32Aiac5RD997yGkO2Mf95hfL3LA7=JSizb_xEGb3THw@mail.gmail.com
Lists: pgadmin-hackers

This was part of our internal quality testing, where it was
encountered. Currently, none of the users have complained about this on
their specific browser versions.

On Mon, Nov 30, 2020 at 5:12 PM Dave Page <dpage(at)pgadmin(dot)org> wrote:

> Hi
>
> On Mon, Nov 30, 2020 at 7:12 AM Rahul Shirsat <
> rahul(dot)shirsat(at)enterprisedb(dot)com> wrote:
>
>> Dave,
>>
>> There are issues discussed on Apple forums, check this out:
>>
>> https://developer.apple.com/forums/thread/129064 - The latest comment by
>> the user here is one month ago, meaning the issue is still not fixed yet.
>> https://developer.apple.com/forums/thread/658688 - Users facing this
>> issue in v13.x
>>
>> Even WebKit has confirmed this issue:
>> https://bugs.webkit.org/show_bug.cgi?id=198181 - Users facing this issue
>> in v12.x
>>
>
> In that case, I think the answer (for now at least) is an FAQ, referencing
> those issues and explaining how to resolve the issue using config_system.py
> or by using a different browser.
>
> Have we actually seen this issue in the wild?
>
>
>
>>
>> On Thu, Nov 26, 2020 at 6:57 PM Dave Page <dpage(at)pgadmin(dot)org> wrote:
>>
>>> Hi
>>>
>>> On Wed, Nov 25, 2020 at 10:37 AM Rahul Shirsat <
>>> rahul(dot)shirsat(at)enterprisedb(dot)com> wrote:
>>>
>>>> Hi Dave,
>>>>
>>>> Due to SameSite security issues in Safari Browser, some of the pgadmin4
>>>> functionality isn't working (mostly the new tab functionality).
>>>>
>>>> The affected Safari Browser versions (marked in red) currently tested
>>>> upon are:
>>>>
>>>> 1. v11.1.2
>>>> 2. v12.1
>>>> 3. v12.1.1
>>>> 4. 13.1
>>>> 5. 14.0.1
>>>>
>>>> Since v12, Safari have done some security fixes, due to which this
>>>> issue has occurred. Strangely, the issue is not reproducible on v13, but
>>>> reproducible on its successor i.e. v14
>>>>
>>>> Possible solutions could be:
>>>>
>>>> 1. Reporting this to Safari & raising an RM for tracking purposes.
>>>> 2. Suggesting that Safari users make the changes below in config.py or
>>>> config_distro as a workaround:
>>>>
>>>> *SESSION_COOKIE_SAMESITE = None*
>>>>
>>>> *SESSION_COOKIE_SECURE = True*
>>>> (As we aren't going through any cross-site cookie transfer, this can be
>>>> a handy option - but still risky..)
>>>>
>>>> I would suggest going with the 1st option or combination of both, but
>>>> with caution.
>>>>
>>>
>>> Others must have come across this issue already. Is it a known bug,
>>> documented somewhere (ideally on apple.com)?
>>>
>>> --
>>> Dave Page
>>> Blog: http://pgsnake.blogspot.com
>>> Twitter: @pgsnake
>>>
>>> EDB: http://www.enterprisedb.com
>>>
>>>
>>
>> --
>> *Rahul Shirsat*
>> Software Engineer | EnterpriseDB Corporation.
>>
>
>
> --
> Dave Page
> Blog: http://pgsnake.blogspot.com
> Twitter: @pgsnake
>
> EDB: http://www.enterprisedb.com
>
>

--
*Rahul Shirsat*
Software Engineer | EnterpriseDB Corporation.
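
The workaround quoted in this thread pairs two Flask-style session cookie settings. The sketch below is an added example, not part of the thread or of pgAdmin's code: it renders the resulting Set-Cookie header with Python's standard library and lists what each combination implies. The cookie name, the function names and the mapping of Python `None` to "attribute omitted" (as Flask does, where only the string `"None"` emits `SameSite=None`) are assumptions of this example.

```python
from http.cookies import SimpleCookie

COOKIE_NAME = "example_session"  # constructed name, not taken from the thread


def render_session_cookie(samesite, secure, value="constructed-session-id"):
    """Return the Set-Cookie value for the given pair of settings."""
    jar = SimpleCookie()
    jar[COOKIE_NAME] = value
    morsel = jar[COOKIE_NAME]
    morsel["path"] = "/"
    morsel["httponly"] = True
    if secure:
        morsel["secure"] = True
    # Assumption (Flask behaviour): Python None omits the attribute,
    # only the string "None" emits SameSite=None.
    if samesite is not None:
        morsel["samesite"] = samesite
    return morsel.OutputString()


def audit(samesite, secure, served_over_https):
    """List the operational and security consequences of a setting pair."""
    findings = []
    if samesite is None:
        findings.append("no SameSite attribute: each browser applies its own default")
    elif samesite.lower() == "none":
        if not secure:
            findings.append("SameSite=None without Secure: rejected by browsers "
                            "enforcing the current rules (e.g. Chrome 80+)")
        findings.append("cookie travels on cross-site requests: CSRF protection "
                        "must not depend on SameSite")
    if secure and not served_over_https:
        findings.append("Secure cookie on a plain-HTTP deployment: the browser "
                        "will not send it back, so sessions break")
    return findings


if __name__ == "__main__":
    for samesite, secure, https in [("Lax", False, False), (None, True, True),
                                    ("None", True, True), ("None", False, False)]:
        print(render_session_cookie(samesite, secure))
        for finding in audit(samesite, secure, https):
            print("   -", finding)
```
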
