Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[v15] Explicitly set the session cookie to SameSite=Lax #50108

Merged
merged 1 commit into from
Dec 13, 2024
Merged

[v15] Explicitly set the session cookie to SameSite=Lax #50108

merged 1 commit into from
Dec 13, 2024

Conversation

zmb3
Copy link
Collaborator

@zmb3 zmb3 commented Dec 11, 2024

Backport #50097 to branch/v15

@zmb3
Explicitly set the session cookie to SameSite=Lax
2cad944 
Prior to this change, we were not explicitly setting the SameSite
mode for our session cookie, which leaves the behavior up to the
browser.

Chromium-based browsers have been defaulting to SameSite=Lax since
Chrome 80 in February 2020, so this is not a behavior change but
rather locking in today's behavior and being explicit about it.

Note that this is for Teleport's session cookie only. App session
cookies remain using SameSite=None because the proxied app may
itself be using SSO, and we need the app session cookie to make
its way through SSO redirects.
@zmb3 zmb3 added the no-changelog Indicates that a PR does not require a changelog entry label Dec 11, 2024
@aws-amplify-us-west-2 AWS Amplify (us-west-2)
Copy link

This pull request is automatically being deployed by Amplify Hosting (learn more).

Access this pull request here: https://pr-50108.d3b94eevwi10ji.amplifyapp.com

@zmb3 zmb3 added this pull request to the merge queue Dec 13, 2024
Merged via the queue into branch/v15 with commit bb9525c Dec 13, 2024
36 checks passed
@zmb3 zmb3 deleted the bot/backport-50097-branch/v15 branch December 13, 2024 20:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@codingllama codingllama codingllama approved these changes

@avatus avatus avatus approved these changes

Assignees
No one assigned
Labels
backport no-changelog Indicates that a PR does not require a changelog entry size/sm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@zmb3 @avatus @codingllama