should_send_same_site_none 0.1.0 → 0.1.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/README.md +15 -0
- data/lib/should_send_same_site_none.rb +1 -1
- data/lib/should_send_same_site_none/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 61d4a4faa3bf3953b30ea79a36a5a2f687a742fce89e3deb7e844c28fde23f0f
|
|
4
|
+
data.tar.gz: 24744cce05c4c44fe352dc7a18d15c47a52a609c7b6aa7d153085dc9ee508836
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e4c3a346d4b296b2edec2c80f56ea992bf46041b2aee14d2651d72665f409c069bc0a583327c841e6e414fabf4d7c4ca39e577f72642f5ba4e813ec1e1ed5fcc
|
|
7
|
+
data.tar.gz: '02823a304203f948c39781f46d7265460d943fb11a13d28f1323d16bfcd8f4bf31c5500afe6d1a82368c50d56e9a837161538a57037d0c18b6670e16ea3d4098'
|
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
|
@@ -3,6 +3,14 @@
|
|
|
3
3
|
|
|
4
4
|
With this gem you can check a user-agent is compatible with `SameSite:none` cookie.
|
|
5
5
|
|
|
6
|
+
## Background
|
|
7
|
+
|
|
8
|
+
With Chrome 80 in February 2020, Chrome will treat cookies that have no declared SameSite value as `SameSite=Lax` cookies. Other browser vendors are expected to follow Google’s lead. (See this [Blog Post](https://blog.chromium.org/2019/10/developers-get-ready-for-new.html)).
|
|
9
|
+
|
|
10
|
+
If you manage cross-site cookies, you will need to apply the SameSite=None; Secure setting to those cookies. However, some browsers, including some versions of Chrome, Safari and UC Browser, might handle the None value in unintended ways, requiring developers to code exceptions for those clients.
|
|
11
|
+
|
|
12
|
+
`isSameSiteNoneCompatible` utility function detects incompatible user agents based on a [list of known incompatible clients](https://www.chromium.org/updates/same-site/incompatible-clients) and returns `true` if the given user-agent string is compatible with `SameSite=None` cookie attribute.
|
|
13
|
+
|
|
6
14
|
## Installation
|
|
7
15
|
|
|
8
16
|
Add this line to your application's Gemfile:
|
|
@@ -23,6 +31,7 @@ Or install it yourself as:
|
|
|
23
31
|
|
|
24
32
|
This gem was originally created to check on Ruby on Rails redis session store, if we can pass same_site or not for ex:
|
|
25
33
|
|
|
34
|
+
Look code at: https://github.com/semoal/redis-actionpack
|
|
26
35
|
```ruby
|
|
27
36
|
# redis-action-pack gem
|
|
28
37
|
def set_cookie(env, _session_id, cookie)
|
|
@@ -56,3 +65,9 @@ The gem is available as open source under the terms of the [MIT License](https:/
|
|
|
56
65
|
## Code of Conduct
|
|
57
66
|
|
|
58
67
|
Everyone interacting in the ShouldSendSameSiteNone project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/[USERNAME]/should_send_same_site_none/blob/master/CODE_OF_CONDUCT.md).
|
|
68
|
+
|
|
69
|
+
## Intersting links
|
|
70
|
+
|
|
71
|
+
- [JS Package](https://github.com/linsight/should-send-same-site-none)
|
|
72
|
+
- [Ruby on Rails Session Store with this logic, for avoiding problems on rails app](https://github.com/semoal/redis-actionpack)
|
|
73
|
+
|
|
@@ -73,7 +73,7 @@ module ShouldSendSameSiteNone
|
|
|
73
73
|
major_version = extract_regex_match(user_agent, regex, 1).to_i
|
|
74
74
|
minor_version = extract_regex_match(user_agent, regex, 2).to_i
|
|
75
75
|
build_version = extract_regex_match(user_agent, regex, 3).to_i
|
|
76
|
-
if (major_version
|
|
76
|
+
if (major_version != major)
|
|
77
77
|
return major_version > major
|
|
78
78
|
end
|
|
79
79
|
|