Open

Is it normal that cookies with sameSite strict are not sent with a window.reload on Android?

snchmt

When going to immich public proxy (as an example) from a link from another app, the Set-Cookie header is set but when performing the window.reload the cookies are not sent within the request.

See code: https://github.com/alangrainger/immich-public-proxy/blob/main/app/views/password.ejs#L49-L69

Reproduction steps:

- have a link inside an app
- click link
- on site perform a request that returns a Set-Cookie header with sameSite=strict
- perform a window.reload
- check that cookie isn't sent

The same steps were performed on different browsers (Samsung Browser, Firefox on Windows) but all of them sent the cookies allowing the authentication.

Is the behavior wanted? From IETF it seems that is not a normal behavior: https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site-00#section-2.1
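
A minimal harness for the reproduction steps above, added here as an example; it is not part of the original post or of immich-public-proxy. The cookie name, the routes and the `REPRO_PORT` variable are constructed for illustration. For each request it logs whether the SameSite=Strict cookie arrived and which `Sec-Fetch-Site` value the browser reported, so the reload after an app-initiated navigation can be compared across browsers.

```javascript
// Added repro harness. Cookie name/value, routes and REPRO_PORT are constructed.
const COOKIE = 'repro_session=constructed-value';

// Pure request handler so the logic can be checked without opening a socket.
function handle(method, path, headers) {
  const cookieHeader = headers.cookie || '';
  const hasCookie = cookieHeader.split(';').some((c) => c.trim() === COOKIE);
  // Record what the browser itself says about the request's site relationship.
  const log = {
    method,
    path,
    hasCookie,
    fetchSite: headers['sec-fetch-site'] || 'absent',
  };
  if (method === 'POST' && path === '/login') {
    // Step 3 of the report: a response that sets a SameSite=Strict cookie.
    const setCookie = `${COOKIE}; Path=/; HttpOnly; SameSite=Strict`;
    return { log, status: 204, headers: { 'Set-Cookie': setCookie }, body: '' };
  }
  if (method === 'GET' && path === '/') {
    // Step 4: the page requests /login, then reloads itself.
    const body = hasCookie
      ? '<p>Cookie received on this request.</p>'
      : '<button onclick="fetch(\'/login\',{method:\'POST\'})' +
        '.then(()=>window.location.reload())">Log in</button>';
    const h = { 'Content-Type': 'text/html', 'Cache-Control': 'no-store' };
    return { log, status: 200, headers: h, body };
  }
  return { log, status: 404, headers: {}, body: '' };
}

// Start a real server only when REPRO_PORT is set,
// e.g. REPRO_PORT=8080 node repro.js
if (process.env.REPRO_PORT) {
  import('node:http').then(({ createServer }) => {
    createServer((req, res) => {
      const r = handle(req.method, req.url, req.headers);
      console.log(JSON.stringify(r.log)); // step 5: was the cookie sent?
      res.writeHead(r.status, r.headers);
      res.end(r.body);
    }).listen(Number(process.env.REPRO_PORT));
  });
}
```

Open the served page once by typing the address and once by tapping a link to it from another app, then compare the logged `hasCookie` and `fetchSite` values for the `GET /` that follows the login request.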

