Uploaded image for project: 'MusicBrainz Server'
  1. MusicBrainz Server
  2. MBS-10717

Cookie attributes must be adjusted to work with with new behavior in browsers

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2020-04-27
    • Component/s: Editing interface
    • Labels:
      None

      Description

      Chrome's behavior for how cookies are sent is changing. It's to be expected that other browser vendors will follow suit sooner or later:

      Sites that depend on cookies being sent cross-origin must add the attributes SameSite=None; Secure

      Otherwise cookies without the SameSite attribute will be treated as if SameSite=Lax was set, meaning they will be restricted to first-party context.

      Importing new releases from third-party sites utilizing release editor seeding is one of the most popular methods that will stop working properly.

      There are already reports of disruptions in the workflow of multiple editors:
      https://chatlogs.metabrainz.org/brainzbot/metabrainz/msg/4552690/

        Attachments

          Activity

            People

            • Assignee:
              bitmap Michael Wiencek
              Reporter:
              chaban chaban
            • Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Packages

                Version Package
                2020-04-27