Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Content cookie available after delete on Safari #11779

Closed
1 task
ohrrkan opened this issue Aug 19, 2024 · 8 comments
Closed
1 task

Content cookie available after delete on Safari #11779

ohrrkan opened this issue Aug 19, 2024 · 8 comments
Labels
ecosystem: upstream Upstream package has issue

Comments

@ohrrkan
Copy link

ohrrkan commented Aug 19, 2024
edited
Loading

Astro Info

Astro                    v4.14.2
Node                     v20.16.0
System                   macOS (arm64)
Package Manager          npm
Output                   hybrid
Adapter                  @astrojs/vercel/serverless
Integrations             @astrojs/sitemap
                         @astrojs/tailwind

If this issue only occurs in one browser, which browser is a problem?

Safari

Describe the Bug

Not certain it is a Astro issue or Safari (Need more investigation) but impact.

The content of the cookie can be access on the client after a cookie.delete (Only on Safari)

Example :

set.astro

---
Astro.cookies.set("sb-access-token", "token", {
  path: "/",
});
---

<!doctype html>
<html>
  <body>
    <h1>Set cookie</h1>
  </body>
</html>

delete.astro

---
Astro.cookies.delete("sb-access-token", { path: "/" });
---

<!doctype html>
<html>
  <body>
    <h1>Delete cookie</h1>
    <script>
      console.log(document.cookie);
    </script>
  </body>
</html>

What's the expected result?

Tempory solution : cookies.set("sb-access-token", "",{ path: "/" }); in place of cookies.delete("sb-access-token", { path: "/" });

Link to Minimal Reproducible Example

stackblitz not work with safari

Participation

  • I am willing to submit a pull request for this issue.
@github-actions github-actions bot added the needs triage Issue needs to be triaged label Aug 19, 2024
@matthewp
Copy link
Contributor

We still need an example. Even if it doesn't break in Stackblitz we use these examples to pull down locally and eventually turn into a test.

@matthewp matthewp added needs repro Issue needs a reproduction and removed needs triage Issue needs to be triaged labels Aug 19, 2024
@github-actions GitHub Actions
Copy link
Contributor

Hello @ohrrkan. Please provide a minimal reproduction using a GitHub repository or StackBlitz. Issues marked with needs repro will be closed if they have no activity within 3 days.

@ohrrkan
Copy link
Author

ohrrkan commented Aug 20, 2024

We still need an example. Even if it doesn't break in Stackblitz we use these examples to pull down locally and eventually turn into a test.

linked

@ematipico ematipico added needs triage Issue needs to be triaged and removed needs repro Issue needs a reproduction labels Aug 20, 2024
@mingjunlu
Copy link
Contributor

mingjunlu commented Sep 29, 2024
edited
Loading

Hi @ohrrkan,

I downloaded the repo you provided and tested locally with Safari 17.6. The cookie was successfully deleted after visiting http://localhost:4321/remove.

Here are the steps I take:

  1. Visit http://localhost:4321/set
  2. Notice that the cookie is set
  3. Visit http://localhost:4321/remove
  4. Notice that the cookie is removed

Is there anything that I might have missed in order to reproduce the situation?

@ascorbic
Copy link
Contributor

ascorbic commented Oct 2, 2024

I've also tried and failed to reproduce it with your code using the same steps as @mingjunlu. Can you provide step-by-step instructions to reproduce this.

@ascorbic ascorbic added needs repro Issue needs a reproduction and removed needs triage Issue needs to be triaged labels Oct 2, 2024
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Oct 2, 2024

Hello @ohrrkan. Please provide a minimal reproduction using a GitHub repository or StackBlitz. Issues marked with needs repro will be closed if they have no activity within 3 days.

@mingjunlu
Copy link
Contributor

mingjunlu commented Oct 5, 2024
edited
Loading

Sorry for not reading the description carefully. I actually reproduced it without noticing 😅

So the problem is that, even though the cookie is gone in the storage tab of Safari's developer tools, it is somehow still accessible on the client side (by accessing document.cookie).

Compared with Chrome and Firefox, the removed cookie is not accessible on the client side.

I did a little bit of searching and found a similar issue:
https://bugs.webkit.org/show_bug.cgi?id=247482

Seems like a Safari bug to me 🤔

@mingjunlu mingjunlu added needs triage Issue needs to be triaged and removed needs repro Issue needs a reproduction labels Oct 5, 2024
@ascorbic
Copy link
Contributor

ascorbic commented Oct 5, 2024

Ah, well found. That doesn't seem like something we can deal with, so I'll close this.

@ascorbic ascorbic closed this as not planned Won't fix, can't repro, duplicate, stale Oct 5, 2024
@ascorbic ascorbic added ecosystem: upstream Upstream package has issue and removed needs triage Issue needs to be triaged labels Oct 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
ecosystem: upstream Upstream package has issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@ascorbic @matthewp @ematipico @mingjunlu @ohrrkan