Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to set SameSite attribute to 'None; Secure' in Rails3.1.12 and Ruby1.9.3

Tags:

ruby

ruby-on-rails

ruby-on-rails-3.1

ruby-1.9.3

ruby-1.9.2

A cookie associated with a cross-site resource at https://example.com/ was set without the SameSite attribute. It has been blocked, as Chrome now only delivers cookies with cross-site requests if they are set with SameSite=None and Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.

Please let me know how to set the SameSite cookie attribute. Thanks in advance.

like image 530
Suresh Kumar Avatar asked Dec 05 '19 12:12

Suresh Kumar

People also ask

How do I set specify SameSite none and secure?

SameSite=None requires Secure The warning appears because any cookie that requests SameSite=None but is not marked Secure will be rejected. To fix this, you will have to add the Secure attribute to your SameSite=None cookies. A Secure cookie is only sent to the server with an encrypted request over the HTTPS protocol.

How do I set the SameSite cookie attribute to none?

A New Model for Cookie Security and Transparency Developers must use a new cookie setting, SameSite=None , to designate cookies for cross-site access. When the SameSite=None attribute is present, an additional Secure attribute must be used so cross-site cookies can only be accessed over HTTPS connections.

How do I fix my SameSite attribute?

Resolve this issue by updating the attributes of the cookie: Specify SameSite=None and Secure if the cookie is intended to be set in cross-site contexts. Note that only cookies sent over HTTPS may use the Secure attribute.

Where do you set the SameSite attribute?

You can add SameSite cookie attributes in the set-cookie HTTP response header to restricts browser behavior. It may prevent the browser from sending the cookie's key=value pair based on the type of interaction that triggered the HTTP request.

1 Answers

In Rails 6.0 and 6.1 the same_site attribute has been added:

cookies["foo"] = {
  value: "bar",
  secure: Rails.application.config.secure_cookies,
  same_site: "None"
}

For Rails 5.x and lower, the rails_same_site_cookie gem is a good option for adding SameSite=None; to all your app's cookies. It uses middleware to do it.

like image 115
Kelsey Hannan Avatar answered Oct 11 '22 03:10

Kelsey Hannan
Sign in to Comment

Related questions

Communicate between a Rails app and a Node.js app
testing nested routes with rspec
rubyMine 'Unable to attach test reporter to test framework'
Using Rails helpers to render partials
Rails 3.2 - haml vs. erb. Is haml faster? (february 2012)
Installing rmagick 2.13.1 with graphicsmagick on Ubuntu 10.04
config.assets.precompile not adding vendor/gem assets
Is it possible to skip the asset precompile step for a single git push on Heroku?
Rails/Ruby - Prepopulate form with data passed from another page
Assets won't precompile when deploying with capistrano to production on amazon EC2
Why I can not call super in define_method with overloading method?
rails 4 - stripe_event functions
Implementing multiple user roles
How to do live reload with Rails 4 and Ruby 2.0 app?
Pundit policies with two input parameters
Find the list of failed Sidekiq jobs with their arguments
/usr/bin/ruby: bad interpreter: No such file or directory
Query if array column contains one or more values
Mute ActiveStorage Logs
Rails: rake db:structure:load times out on CircleCI 2.0

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!