Re: SameSite issues in Safari Browser (reference #RM5975)

Dave,

There are issues discussed on Apple forums, check this out:

https://developer.apple.com/forums/thread/129064 - The latest comment by
the user here is one month ago, meaning the issue is still not fixed yet.
https://developer.apple.com/forums/thread/658688 - Users facing this issue
in v13.x

Even webkit has confirmed about this issue :
https://bugs.webkit.org/show_bug.cgi?id=198181 - Users facing this issue in
v12.x

On Thu, Nov 26, 2020 at 6:57 PM Dave Page <dpage(at)pgadmin(dot)org> wrote:

> Hi
>
> On Wed, Nov 25, 2020 at 10:37 AM Rahul Shirsat <
> rahul(dot)shirsat(at)enterprisedb(dot)com> wrote:
>
>> Hi Dave,
>>
>> Due to SameSite security issues in Safari Browser, some of the pgadmin4
>> functionality isn't working (mostly the new tab functionality).
>>
>> The affected Safari Browser versions (marked in red) currently tested
>> upon are:
>>
>> 1. v11.1.2
>> 2. v12.1
>> 3. v12.1.1
>> 4. 13.1
>> 5. 14.0.1
>>
>> Since v12, Safari have done some security fixes, due to which this issue
>> has occurred. Strangely, the issue is not reproducible on v13, but
>> reproducible on its successor i.e. v14
>>
>> Possible solutions could be:
>>
>> 1. Reporting this to Safari & raising an RM for tracking purposes.
>> 2. Suggesting Safari users to make below changes in config.py or
>> config_distro for the work around:
>>
>> *SESSION_COOKIE_SAMESITE = None*
>>
>> *SESSION_COOKIE_SECURE = True*
>> (As we aren't going through any cross-site cookie transfer, this can be a
>> handy option - but still risky..)
>>
>> I would suggest going with the 1st option or combination of both, but
>> with caution.
>>
>
> Others must have come across this issue already. Is it a known bug,
> documented somewhere (ideally on apple.com)?
>
> --
> Dave Page
> Blog: http://pgsnake.blogspot.com
> Twitter: @pgsnake
>
> EDB: http://www.enterprisedb.com
>
>

--
*Rahul Shirsat*
Software Engineer | EnterpriseDB Corporation.