Page MenuHomePhabricator
Create Task
Maniphest T342624

NetworkProbeLimit cookie should set samesite attribute
Open, LowPublic
Actions

Description

Related to T335637: Set cookie in Varnish to start a probe

Results in browser console spam currently

Screenshot 2023-07-25 at 12.43.27.png (347×2 px, 269 KB)

Cookie “NetworkProbeLimit” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite

Details

SubjectRepoBranchLines +/-
Add SameSite=Lax attribute to NetworkProbeLimit cookieoperations/puppetproduction+1 -0
Customize query in gerrit

Related Objects
Search...

StatusSubtypeAssignedTask
 OpenNoneT255366 SameSite cookie issues
 OpenCDanisT342624 NetworkProbeLimit cookie should set samesite attribute

Event Timeline

Reedy created this task.Jul 25 2023, 11:43 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 25 2023, 11:43 AM
Reedy updated the task description. (Show Details)Jul 25 2023, 11:44 AM
Maintenance_bot added a project: SRE.Jul 25 2023, 11:45 AM
Reedy mentioned this in T342626: '<wiki-id>wmE-sessionTickLastTick*' cookies not setting samesite attribute.Jul 25 2023, 11:46 AM
Reedy updated the task description. (Show Details)
Nux mentioned this in T344153: Provide nocookie domain for thumb.php (generic or for Commons).Aug 14 2023, 12:55 PM
Nux subscribed.Aug 14 2023, 1:03 PM
joanna_borun assigned this task to ayounsi.Jan 8 2024, 4:20 PM
Tgr added a parent task: T255366: SameSite cookie issues.Jan 9 2024, 8:49 PM
Tgr mentioned this in T345032: Some cookies are misusing the recommended “SameSite“ attribute.Jan 9 2024, 8:53 PM
gerritbot added a comment.Jan 10 2024, 10:53 AM

Change 989457 had a related patch set uploaded (by Ayounsi; author: Ayounsi):

[operations/puppet@production] Add SameSite=strict attribute to NetworkProbeLimit cookie

https://gerrit.wikimedia.org/r/989457

gerritbot added a project: Patch-For-Review.Jan 10 2024, 10:53 AM
ayounsi removed ayounsi as the assignee of this task.Jan 23 2024, 10:22 AM
ayounsi subscribed.
CDanis claimed this task.Jan 29 2024, 4:18 PM
CDanis triaged this task as Low priority.
gerritbot added a comment.Wed, May 29, 12:57 PM

Change #989457 merged by CDanis:

[operations/puppet@production] Add SameSite=Lax attribute to NetworkProbeLimit cookie

https://gerrit.wikimedia.org/r/989457

Maintenance_bot removed a project: Patch-For-Review.Wed, May 29, 1:31 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL