[ARVADOS] created: 2.1.0-196-g976e10604

Git user git at public.arvados.org
Tue Dec 8 20:05:36 UTC 2020


        at  976e106047edaa52d8c9e4605fad21d5e8f1daf9 (commit)


commit 976e106047edaa52d8c9e4605fad21d5e8f1daf9
Author: Tom Clegg <tom at tomclegg.ca>
Date:   Tue Dec 8 14:59:36 2020 -0500

    16812: Set SameSite: None on keep-web cookies.
    
    Without this, workbench can't use keep-web for image previews.
    
    Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at tomclegg.ca>

diff --git a/services/keep-web/handler.go b/services/keep-web/handler.go
index ab1bc080b..bd2438d26 100644
--- a/services/keep-web/handler.go
+++ b/services/keep-web/handler.go
@@ -768,6 +768,8 @@ func (h *handler) seeOtherWithCookie(w http.ResponseWriter, r *http.Request, loc
 			Value:    auth.EncodeTokenCookie([]byte(formToken)),
 			Path:     "/",
 			HttpOnly: true,
+			SameSite: http.SameSiteNoneMode,
+			Secure:   true,
 		})
 	}
 

-----------------------------------------------------------------------


hooks/post-receive
-- 




More information about the arvados-commits mailing list