[Webkit-unassigned] [Bug 219650] Cookies set with SameSite=Lax are not sent during redirects in Safari
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Feb 25 09:07:40 PST 2021
https://bugs.webkit.org/show_bug.cgi?id=219650
Viktor Holmberg <viktor.holmberg at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |viktor.holmberg at gmail.com
--- Comment #5 from Viktor Holmberg <viktor.holmberg at gmail.com> ---
I can also confirm this bug. In our case, we've got a paypal integration that does some payment stuff on paypals site, and then redirects back to our site using
window.location.replace = "https://our-site-url".
When the user then returns to our site, their cookies are not sent along, and they get a 404 because their payment can't be found. (We only allow you to see payments if you have the right session id, stored in the lax cookie).
This payment flow works without issue in firefox and chrome.
I do not have a minimal test case but I should be able to provide one on request.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20210225/5ef3d593/attachment-0001.htm>
More information about the webkit-unassigned
mailing list