Base solution for your next web application
Open Closed

SameSite cookies problem #9100


User avatar
0
kateryna.zorina created

Hi, guys! I have a simple question. We're developing a web app, which can be iframed. Also we use token authentication and store auth token in cookies, which are stored using abp.utils.setCookieValue function. When app is iframed and we try to access/store cookies - the following warning appears - A cookie associated with a cross-site resource at was set without the 'SameSite' .... We've managed to get rid of this warning slightly modifying a function, that stores a cookie (adding cookieValue += "; SameSite=None; Secure" to the end of the function). We need to have ability to set these values out of the box, so are you planning to update this function in the nearest future?


3 Answer(s)
  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi,

    Could you create an issue on https://github.com/aspnetzero/aspnet-zero-core. We can implement this.

    Thanks.

  • User Avatar
    0
    bluescopesteel created

    Can I ask two things please.

    1. Why is it that so many links referenced by your Support Team are broken? The link above by ismcagdas is onlly 29 days old yet is broken. But I keep discovering them all the time.
    2. What are we supposed to be doing with this Samesite issue. I see it also - is our ASP.NET Zero website going to stop working sometime soon? Surely for something so important youy would have sent out some advisory?
  • User Avatar
    0
    maliming created
    Support Team

    https://aspnetzero.com/LicenseManagement

    You can invite anyone to become a member of the ASP.NET Zero organization using their GitHub username. And they can access the ASP.NET Zero private GitHub repositories. Right after you add a GitHub user, the user will receive an invitation email. If there is problem receiving the invitation email, alternatively user can visit github.com/orgs/aspnetzero page and accept the invitation.

    1. We already using LocalStorageService instead of UtilsService cookies. https://support.aspnetzero.com/QA/Questions/9081/encauthtoken-Cooke-issue