Author Topic: Firefox, the lang cookie, and the SameSite attribute  (Read 397 times)


Offline Jasiu

  • Forecaster
  • *****
  • Posts: 865
    • LexMAWeather
Firefox, the lang cookie, and the SameSite attribute
« on: November 27, 2021, 11:13:40 AM »
I'm seeing the following warning in the Firefox web console for my site:

Quote
Cookie “lang” will be soon rejected because it has the “SameSite” attribute set to “None” or an invalid value, without the “secure” attribute. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite

The URL in the message explains the issue.  Looks like a minor change to set_lang_cookie() in common.php.

Just want to make sure you are aware of this, Ken.


Offline saratogaWX

  • Administrator
  • Forecaster
  • *****
  • Posts: 8572
  • Saratoga, CA, USA Weather - free PHP scripts
    • Saratoga-Weather.org
Re: Firefox, the lang cookie, and the SameSite attribute
« Reply #1 on: November 27, 2021, 01:17:19 PM »
Thanks for spotting that.

I've got test fixes to common.php, include-style-switcher.php and nws-alerts.js files.  I've tested on PHP 7.4, 8.0, but I don't have a PHP 5.6 to test with any more.  If you (or someone) wouldn't mind trying it, let me know if it fixes it on that release too.

Ken True/Saratoga, CA, USA main site: saratoga-weather.org
Davis VP1+ FARS, Boltek-PCI/NexStorm, microSferics ToA, Blitzortung RED, GRLevel3, WD, WL, VWS, Cumulus, Meteobridge/hub
Free weather PHP scripts/website templates - update notifications on Twitter saratogaWXPHP

Offline Jasiu

  • Forecaster
  • *****
  • Posts: 865
    • LexMAWeather
Re: Firefox, the lang cookie, and the SameSite attribute
« Reply #2 on: November 28, 2021, 08:46:35 AM »
I'm on 1&1 (Ionos) which requires $$$ if you want to use obsolete versions, so I can't help there.

Offline saratogaWX

  • Administrator
  • Forecaster
  • *****
  • Posts: 8572
  • Saratoga, CA, USA Weather - free PHP scripts
    • Saratoga-Weather.org
Re: Firefox, the lang cookie, and the SameSite attribute
« Reply #3 on: November 29, 2021, 11:36:49 AM »
I'm on Ionos too, but with a VPS, so I could enable PHP 5.6 on one site to test (it worked).

I've released the fixes to the update tool for the Saratoga templates:
Quote
Version 3.345 - 29-Nov-2021 (Base-*) update common.php V1.13, include-style-switcher.php V1.21 to add SameSite=Lax to cookie setting request;
(Base-USA) update nws-alertmap.js V1.01 to add SameSite=Lax to cookie setting request

For Base-*, *-Plugin, 29-Nov-2021

Thanks for bringing it to my attention, Jasiu .. there turned out to be two methods to add the SameSite=Lax to the setcookie() depending on PHP <7.3 or PHP 7.3+ so that's why I needed the test :)
Ken True/Saratoga, CA, USA main site: saratoga-weather.org
Davis VP1+ FARS, Boltek-PCI/NexStorm, microSferics ToA, Blitzortung RED, GRLevel3, WD, WL, VWS, Cumulus, Meteobridge/hub
Free weather PHP scripts/website templates - update notifications on Twitter saratogaWXPHP
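
The two version-dependent ways of adding SameSite=Lax mentioned in the post above, as an added example (not the Saratoga templates' own code). The helper names `set_samesite_cookie()` and `build_cookie_header()` and the sample value `en` are hypothetical, and the pre-7.3 branch assumes a hand-built `Set-Cookie` header, which may differ from what common.php actually does:

```php
<?php
// Added example: hypothetical helpers, not the set_lang_cookie() from common.php.

// Build a Set-Cookie header value by hand. Needed before PHP 7.3, where
// setcookie() has no SameSite parameter. $name must already be a valid token.
function build_cookie_header($name, $value, $expires, $path, $secure, $sameSite)
{
    $parts = array($name . '=' . rawurlencode($value));
    if ($expires > 0) {
        $parts[] = 'Expires=' . gmdate('D, d M Y H:i:s', $expires) . ' GMT';
        $parts[] = 'Max-Age=' . max(0, $expires - time());
    }
    $parts[] = 'Path=' . $path;
    if ($secure) {
        $parts[] = 'Secure';
    }
    $parts[] = 'SameSite=' . $sameSite;
    return implode('; ', $parts);
}

function set_samesite_cookie($name, $value, $expires = 0, $path = '/',
                             $secure = false, $sameSite = 'Lax')
{
    // Normalise the attribute; anything unrecognised falls back to Lax.
    $sameSite = ucfirst(strtolower($sameSite));
    if (!in_array($sameSite, array('Lax', 'Strict', 'None'), true)) {
        $sameSite = 'Lax';
    }
    // SameSite=None without Secure is the combination Firefox warns about.
    if ($sameSite === 'None' && !$secure) {
        $sameSite = 'Lax';
    }
    if (headers_sent()) {
        return false; // too late to emit any Set-Cookie header
    }
    if (PHP_VERSION_ID >= 70300) {
        // PHP 7.3+: setcookie() accepts an options array with 'samesite'.
        return setcookie($name, $value, array(
            'expires'  => $expires,
            'path'     => $path,
            'secure'   => $secure,
            'samesite' => $sameSite,
        ));
    }
    // PHP < 7.3: send the header directly; false = do not replace other cookies.
    header('Set-Cookie: ' . build_cookie_header(
        $name, $value, $expires, $path, $secure, $sameSite), false);
    return true;
}

// Constructed sample call: remember a language choice for one year.
set_samesite_cookie('lang', 'en', time() + 365 * 24 * 3600);
```

After deploying a change like this, the response's `Set-Cookie` header for `lang` should end with `SameSite=Lax`, and the Firefox console warning quoted in the first post should no longer appear.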

Offline zmarfak

  • Contributor
  • ***
  • Posts: 112
    • Matar
Re: Firefox, the lang cookie, and the SameSite attribute
« Reply #4 on: November 29, 2021, 02:06:43 PM »
Hey Ken,
downloaded and installed, firefox ok now.
(running php 8.0.13)

Thank you
Patrick
Davis Vantage Pro2 with a Meteobridge NANO SD and WL (6.04) on an Intel NUC
https://www.matar.be

Offline Jasiu

  • Forecaster
  • *****
  • Posts: 865
    • LexMAWeather
Re: Firefox, the lang cookie, and the SameSite attribute
« Reply #5 on: November 29, 2021, 08:15:00 PM »
Quote
Hey Ken,
downloaded and installed, firefox ok now.
(running php 8.0.13)

Thank you

Same but at 8.0.12.  Fantastic work as usual, Ken!  Thank you.