[Webkit-unassigned] [Bug 219650] Cookies set with SameSite=Lax are not sent during redirects in Safari
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Apr 23 05:02:18 PDT 2021
https://bugs.webkit.org/show_bug.cgi?id=219650
Wilson Page [:wilsonpage] <wilsonpage at me.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |wilsonpage at me.com
--- Comment #6 from Wilson Page [:wilsonpage] <wilsonpage at me.com> ---
I can also confirm this issue.
Since add `SameSite=Lax` to my auth cookies I'm seeing cookies not being sent by Safari to the Stripe Checkout success page.
1. mysite.com/checkout (cookie sent)
2. checkout.stripe.com
3. mysite.com/checkout-success (no cookie sent)
In my log I've seen this with following user-agents:
- Mozilla/5.0 (iPhone; CPU iPhone OS 14_4_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.3 Mobile/15E148
- Mozilla/5.0 (iPhone; CPU OS 14_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/33.0 Mobile/15E148 Safari/605.1.15
- Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1 Safari/605.1.15
- Mozilla/5.0 (iPhone; CPU iPhone OS 14_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/87.0.4280.163 Mobile/15E148 Safari/604.1
But I've yet been unable to reproduce this locally :-/ I think my current workaround will be to user-agent sniff and not use the `SameSite` functionality at all for Safari based browsers.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20210423/05b2faa5/attachment.htm>
More information about the webkit-unassigned
mailing list