Re: SameSite issues in Safari Browser (reference #RM5975)

From: Rahul Shirsat <rahul(dot)shirsat(at)enterprisedb(dot)com>
To: Akshay Joshi <akshay(dot)joshi(at)enterprisedb(dot)com>
Cc: pgadmin-hackers <pgadmin-hackers(at)postgresql(dot)org>
Subject: Re: SameSite issues in Safari Browser (reference #RM5975)
Date: 2020-11-26 08:02:53
Message-ID: CAKtn9dPRmE3WXm-mxmFtBc8wd1n-Uht1iXf2_AvPb8Bk18t10Q@mail.gmail.com
Lists: pgadmin-hackers

Yes Akshay.

I think we should go ahead with adding this approach to the pgAdmin FAQs; we
would not be fixing this in our code, as we don't know when Apple will fix
its issue.

On Thu, Nov 26, 2020 at 11:27 AM Akshay Joshi <akshay(dot)joshi(at)enterprisedb(dot)com>
wrote:

> Hi Rahul
>
> On Wed, Nov 25, 2020 at 4:07 PM Rahul Shirsat <
> rahul(dot)shirsat(at)enterprisedb(dot)com> wrote:
>
>> Hi Dave,
>>
>> Due to SameSite security issues in Safari Browser, some of the pgadmin4
>> functionality isn't working (mostly the new tab functionality).
>>
>> The affected Safari Browser versions (marked in red) currently tested
>> upon are:
>>
>> 1. v11.1.2
>> 2. v12.1
>> 3. v12.1.1
>> 4. 13.1
>> 5. 14.0.1
>>
>> Since v12, Safari has made some security fixes, due to which this issue
>> has occurred. Strangely, the issue is not reproducible on v13, but is
>> reproducible on its successor, i.e. v14.
>>
>> Possible solutions could be:
>>
>> 1. Reporting this to Safari and raising an RM for tracking purposes.
>> 2. Suggesting that Safari users make the changes below in config.py or
>> config_distro as a workaround:
>>
>> SESSION_COOKIE_SAMESITE = None
>>
>> SESSION_COOKIE_SECURE = True
>> (As we aren't going through any cross-site cookie transfer, this can be a
>> handy option, but it is still risky.)
>>
>> I would suggest going with the 1st option or combination of both, but
>> with caution.
>>
>
> In my opinion, we should go with both the options, as we have added the
> above settings for security purposes.
>
>>
>> --
>> *Rahul Shirsat*
>> Software Engineer | EnterpriseDB Corporation.
>>
>
>
> --
> *Thanks & Regards*
> *Akshay Joshi*
> *pgAdmin Hacker | Principal Software Architect*
> *EDB Postgres <http://edbpostgres.com>*
>
> *Mobile: +91 976-788-8246*
>

--
*Rahul Shirsat*
Software Engineer | EnterpriseDB Corporation.
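As an added illustration of the two settings discussed above (example code written for this page, not pgAdmin's own): Flask's `SESSION_COOKIE_SAMESITE` and `SESSION_COOKIE_SECURE` are handed to Werkzeug when the session cookie is written. Werkzeug omits the `SameSite` attribute entirely when the value is Python `None`, and emits `SameSite=None` only for the string `"None"`, which is why the suggested `SESSION_COOKIE_SAMESITE = None` sidesteps Safari's handling. The snippet below reproduces those attribute rules without importing Flask, renders the resulting `Set-Cookie` line for a configuration, and lists the findings a reviewer would raise before adopting it. The cookie name and value are constructed placeholders; the pgAdmin defaults are not assumed.

```python
from dataclasses import dataclass
from typing import List, Optional

ALLOWED_SAMESITE = {"Strict", "Lax", "None"}


@dataclass(frozen=True)
class SessionCookieConfig:
    # Mirrors the two Flask settings named in the thread. `samesite` is the
    # string "Strict", "Lax" or "None", or Python None to omit the attribute.
    samesite: Optional[str]
    secure: bool


def cookie_attributes(cfg: SessionCookieConfig) -> List[str]:
    """Attributes that end up on the Set-Cookie line for this configuration."""
    attrs = ["Path=/", "HttpOnly"]
    if cfg.secure:
        attrs.append("Secure")
    if cfg.samesite is not None:
        value = cfg.samesite.title()  # same normalisation Werkzeug applies
        if value not in ALLOWED_SAMESITE:
            raise ValueError(
                f"SameSite must be one of {sorted(ALLOWED_SAMESITE)}, got {cfg.samesite!r}"
            )
        attrs.append(f"SameSite={value}")
    return attrs


def set_cookie_header(cfg: SessionCookieConfig, name: str = "example_session",
                      value: str = "SESSION-ID") -> str:
    """Render a Set-Cookie header value; name and value are constructed placeholders."""
    return f"{name}={value}; " + "; ".join(cookie_attributes(cfg))


def review(cfg: SessionCookieConfig) -> List[str]:
    """Findings a reviewer would raise before shipping this configuration."""
    findings: List[str] = []
    samesite = cfg.samesite.title() if cfg.samesite is not None else None
    if samesite is None:
        findings.append(
            "no SameSite attribute: the browser's default applies, which is Lax in "
            "Chromium-based browsers but unrestricted in browsers that have not adopted "
            "Lax-by-default; cross-site request protection must come from CSRF tokens"
        )
    elif samesite == "None":
        findings.append(
            "SameSite=None: the cookie is sent on cross-site requests; "
            "CSRF protection relies entirely on per-request tokens"
        )
        if not cfg.secure:
            findings.append(
                "SameSite=None without Secure: Chromium-based browsers reject the "
                "cookie outright, so the session is never established"
            )
    if not cfg.secure:
        findings.append("Secure not set: the session cookie is also sent over plain HTTP")
    return findings


if __name__ == "__main__":
    # The thread's suggested workaround: attribute omitted, Secure kept.
    workaround = SessionCookieConfig(samesite=None, secure=True)
    print(set_cookie_header(workaround))
    for finding in review(workaround):
        print(" -", finding)
```

Running it for the workaround prints a cookie line with `Secure` and `HttpOnly` but no `SameSite` attribute, plus the single finding that cross-site protection now rests on the application's CSRF tokens rather than on the cookie attribute; passing the string `"None"` with `secure=False` shows why that combination is not a usable alternative.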
