Избегайте мошенников, выдающих себя за службу поддержки. Мы никогда не попросим вас позвонить, отправить текстовое сообщение или поделиться личной информацией. Сообщайте о подозрительной активности, используя функцию «Пожаловаться».

Подробнее
Открыта

Is it normal that cookies with sameSite strict are not sent with a window.reload on android

Firefox для Android Веб-совместимость
snchmt
snchmt

When going to immich public proxy (as an example) from a link from another app, the Set-Cookie header is set but when performing the window.reload the cookies are not sent within the request.

See code : https://github.com/alangrainger/immich-public-proxy/blob/main/app/views/password.ejs#L49-L69

Reproduction steps : - have a link inside an app - click link - on site perform a request that returns a Set-Cookie header with sameSite=strict - perform a window.reload - check that cookie isn't sent

The same steps where performed on different browsers (Samsung Browser, Firefox on windows) but all of them sent the cookies allowing the authentication.

Is the behavior wanted ? From ietf it seems that is not a normal behavior : https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site-00#section-2.1

When going to immich public proxy (as an example) from a link from another app, the Set-Cookie header is set but when performing the window.reload the cookies are not sent within the request. See code : https://github.com/alangrainger/immich-public-proxy/blob/main/app/views/password.ejs#L49-L69 Reproduction steps : - have a link inside an app - click link - on site perform a request that returns a Set-Cookie header with sameSite=strict - perform a window.reload - check that cookie isn't sent The same steps where performed on different browsers (Samsung Browser, Firefox on windows) but all of them sent the cookies allowing the authentication. Is the behavior wanted ? From ietf it seems that is not a normal behavior : https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site-00#section-2.1

Для ответа на сообщения вы должны войти в свою учётную запись. Пожалуйста, задайте новый вопрос, если у вас ещё нет учётной записи.