Update for Google Chrome: Cookies policy update SameSite = None; secure

Sundar_thapa · April 1, 2020, 6:10pm

Hi Sebastian,
I wonder how is squidex prepared to deal google chrome’s cookies policy [here].(https://www.chromestatus.com/feature/5633521622188032)

Sebastian · April 1, 2020, 8:15pm

As long as you run squidex under https it is fine.

Sundar_thapa · April 2, 2020, 6:58am

Thanks, but if I have the identity server on a different domain, it definitely causes silent token renew to fail because iframe thinks it is a cross-domain request.

Sebastian · April 2, 2020, 7:12am

But how is this related to cookies?

Sundar_thapa · April 2, 2020, 7:14am

Iframe silent token renew and tokens:

Sebastian · April 2, 2020, 7:57am

Thx, I will test it…but I still don’t see how it is related to an external identity server…

Sebastian · April 2, 2020, 9:49am

I have integrated the fix into Squidex.

Sundar_thapa · April 2, 2020, 9:57am

That’s great. Were you actually able to see the issue and be sure that this code did fix the warning cookie samesite messages?

Sebastian · April 2, 2020, 9:58am

No, I have never seen it :(…with https you do not have issues and I do not have safari available

Sundar_thapa · April 2, 2020, 10:11am

Cool. Anyways I am adding it here just for your reference:

Cookies not set with same site:

Console warning:

Sebastian · April 2, 2020, 11:03am

Is this Squidex Identity?

Sundar_thapa · April 2, 2020, 11:06am

Nope. It is an independent identity server but I am using it for squidex.

Sebastian · April 2, 2020, 11:07am

But what do I have to do with the cookies of your identity server?