From: | Rahul Shirsat <rahul(dot)shirsat(at)enterprisedb(dot)com> |
---|---|
To: | Dave Page <dpage(at)pgadmin(dot)org> |
Cc: | pgadmin-hackers <pgadmin-hackers(at)postgresql(dot)org> |
Subject: | Re: SameSite issues in Safari Browser (reference #RM5975) |
Date: | 2020-11-30 07:11:42 |
Message-ID: | CAKtn9dPCUa_kbA=ViTS+hHZ2PxxQ54SVE5G1YdkTPxoZxxwbgw@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgadmin-hackers |
Dave,
There are issues discussed on Apple forums, check this out:
https://developer.apple.com/forums/thread/129064 - The latest comment by
the user here is one month ago, meaning the issue is still not fixed yet.
https://developer.apple.com/forums/thread/658688 - Users facing this issue
in v13.x
Even webkit has confirmed about this issue :
https://bugs.webkit.org/show_bug.cgi?id=198181 - Users facing this issue in
v12.x
On Thu, Nov 26, 2020 at 6:57 PM Dave Page <dpage(at)pgadmin(dot)org> wrote:
> Hi
>
> On Wed, Nov 25, 2020 at 10:37 AM Rahul Shirsat <
> rahul(dot)shirsat(at)enterprisedb(dot)com> wrote:
>
>> Hi Dave,
>>
>> Due to SameSite security issues in Safari Browser, some of the pgadmin4
>> functionality isn't working (mostly the new tab functionality).
>>
>> The affected Safari Browser versions (marked in red) currently tested
>> upon are:
>>
>> 1. v11.1.2
>> 2. v12.1
>> 3. v12.1.1
>> 4. 13.1
>> 5. 14.0.1
>>
>> Since v12, Safari have done some security fixes, due to which this issue
>> has occurred. Strangely, the issue is not reproducible on v13, but
>> reproducible on its successor i.e. v14
>>
>> Possible solutions could be:
>>
>> 1. Reporting this to Safari & raising an RM for tracking purposes.
>> 2. Suggesting Safari users to make below changes in config.py or
>> config_distro for the work around:
>>
>> *SESSION_COOKIE_SAMESITE = None*
>>
>> *SESSION_COOKIE_SECURE = True*
>> (As we aren't going through any cross-site cookie transfer, this can be a
>> handy option - but still risky..)
>>
>> I would suggest going with the 1st option or combination of both, but
>> with caution.
>>
>
> Others must have come across this issue already. Is it a known bug,
> documented somewhere (ideally on apple.com)?
>
> --
> Dave Page
> Blog: http://pgsnake.blogspot.com
> Twitter: @pgsnake
>
> EDB: http://www.enterprisedb.com
>
>
--
*Rahul Shirsat*
Software Engineer | EnterpriseDB Corporation.
From | Date | Subject | |
---|---|---|---|
Next Message | Dave Page | 2020-11-30 11:42:30 | Re: SameSite issues in Safari Browser (reference #RM5975) |
Previous Message | Dave Page | 2020-11-26 13:27:06 | Re: SameSite issues in Safari Browser (reference #RM5975) |