Postgres Pro
Downloads
Home   >   mailing lists

Re: SameSite issues in Safari Browser (reference #RM5975) - Mailing list pgadmin-hackers

From Dave Page
Subject Re: SameSite issues in Safari Browser (reference #RM5975)
Date
Msg-id CA+OCxozMTrE-AFoei16-rzb5PNEqN7ZmJQ7wPGe=Ctwp4Tk02Q@mail.gmail.com
Whole thread Raw
In response to SameSite issues in Safari Browser (reference #RM5975)  (Rahul Shirsat <rahul.shirsat@enterprisedb.com>)
Responses Re: SameSite issues in Safari Browser (reference #RM5975)  (Rahul Shirsat <rahul.shirsat@enterprisedb.com>)
List pgadmin-hackers
Tree view
Hi

On Wed, Nov 25, 2020 at 10:37 AM Rahul Shirsat <rahul.shirsat@enterprisedb.com> wrote:
Hi Dave,

Due to SameSite security issues in Safari Browser, some of the pgadmin4 functionality isn't working (mostly the new tab functionality).

The affected Safari Browser versions (marked in red) currently tested upon are:
  1. v11.1.2
  2. v12.1
  3. v12.1.1
  4. 13.1
  5. 14.0.1
Since v12, Safari have done some security fixes, due to which this issue has occurred. Strangely, the issue is not reproducible on v13, but reproducible on its successor i.e. v14

Possible solutions could be:
  1. Reporting this to Safari & raising an RM for tracking purposes.
  2. Suggesting Safari users to make below changes in config.py or config_distro for the work around:
SESSION_COOKIE_SAMESITE = None
SESSION_COOKIE_SECURE = True

(As we aren't going through any cross-site cookie transfer, this can be a handy option - but still risky..)

I would suggest going with the 1st option or combination of both, but with caution.

Others must have come across this issue already. Is it a known bug, documented somewhere (ideally on apple.com)?
 
--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EDB: http://www.enterprisedb.com

pgadmin-hackers by date:

Previous
From: Dave Page
Date:
Subject: Re: Unable to download macros query results (reference #RM5965)
Next
From: Rahul Shirsat
Date:
Subject: Re: SameSite issues in Safari Browser (reference #RM5975)