Uploaded image for project: 'MusicBrainz Server'
  1. MusicBrainz Server
  2. MBS-10717

Cookie attributes must be adjusted to work with with new behavior in browsers

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2020-04-27
    • Component/s: Editing interface
    • Labels:
      None

      Description

      Chrome's behavior for how cookies are sent is changing. It's to be expected that other browser vendors will follow suit sooner or later:

      Sites that depend on cookies being sent cross-origin must add the attributes SameSite=None; Secure

      Otherwise cookies without the SameSite attribute will be treated as if SameSite=Lax was set, meaning they will be restricted to first-party context.

      Importing new releases from third-party sites utilizing release editor seeding is one of the most popular methods that will stop working properly.

      There are already reports of disruptions in the workflow of multiple editors:
      https://chatlogs.metabrainz.org/brainzbot/metabrainz/msg/4552690/

        Attachments

          Activity

            People

            Assignee:
            bitmap Michael Wiencek
            Reporter:
            chaban chaban
            Votes:
            1 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Packages

                Version Package
                2020-04-27