Jj Del Carpio

Jj's web stream

In order to make an iframe's request send the domain's cookies. I had to set my cookies to SameSite=none and make sure that my cookies are Secure. Spent the last 2hrs learning that #webdev #http

Glad I had read Mozilla's announcement last month, so I could guess it may be something related to this when my site stopped working.

https://hacks.mozilla.org/2020/08/changes-to-samesite-cookie-behavior/

Shared on:

Jj Avatar of Jj

Reactions

  1. Avatar for Liran Tal | 👋 see you at #SnykCon Oct 21-22
    Liran Tal | 👋 see you at #SnykCon Oct 21-22

    ahh indeed. I'm just writing on that. it's a good thing you went through it since having the `secure` flag is something you should've enabled prior so now you're on a good path.

  2. Avatar for Liran Tal | 👋 see you at #SnykCon Oct 21-22
    Liran Tal | 👋 see you at #SnykCon Oct 21-22

    Totally understand you

  3. Avatar for Jj
    Jj

    I could only "figure it out" because I had previously read Mozilla's post to think it could be that. There were 0 hints anywhere of how to debug this. Without prior outside knowledge it's impossible to deduce.

Reply or react to this post via Webmentions or reply or like to the Mastodon, Twitter or Instagram post.