Skip to content

feat: allow to set cookie sameSite mode and fallback to Lax mode if cookie is not secure #1105

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 13, 2025
Merged

feat: allow to set cookie sameSite mode and fallback to Lax mode if cookie is not secure #1105

merged 1 commit into from
Sep 13, 2025

Conversation

@vaab
Copy link
Contributor

@vaab vaab commented Sep 10, 2025
edited
Loading

Anubis can't be used on pure HTTP mode without this and despite having introduced the COOKIE_SECURE option.

Indeed, browser will refuse cookie in None mode if the cookie is unsecure.

Checklist:

  • Added a description of the changes to the [Unreleased] section of docs/docs/CHANGELOG.md
  • Added test cases to the relevant parts of the codebase
  • Ran integration tests npm run test:integration (unsupported on Windows, please use WSL)
  • All of my commits have verified signatures

@vaab vaab force-pushed the new-same-site-mode branch from 0defa82 to 92abc5e Compare September 10, 2025 05:23
@vaab vaab changed the title allow to set cookie sameSite mode and fallback to Lax mode if cookie is not secure feat: allow to set cookie sameSite mode and fallback to Lax mode if cookie is not secure Sep 10, 2025
@vaab vaab force-pushed the new-same-site-mode branch from 92abc5e to aad3ce3 Compare September 10, 2025 05:41
@vaab vaab force-pushed the new-same-site-mode branch from aad3ce3 to 2523b93 Compare September 12, 2025 00:33
@Xe Xe enabled auto-merge (squash) September 12, 2025 16:40
@Xe
Copy link
Contributor

Xe commented Sep 12, 2025

@vaab please rebase against main. I'd do it for you but you disabled my ability to do that.

@vaab
feat: fallback to SameSite Lax mode if cookie is not secure
4ccbad0 
Also, will allow to set cookie `SameSite` mode on command line or
environment. Note that `None` mode will be forced to ``Lax`` if
cookie is set to not be secure.

Signed-off-by: Valentin Lab <[email protected]>
auto-merge was automatically disabled September 13, 2025 09:03

Head branch was pushed to by a user without write access

@vaab vaab force-pushed the new-same-site-mode branch from 2523b93 to 4ccbad0 Compare September 13, 2025 09:03
@vaab
Copy link
Contributor Author

vaab commented Sep 13, 2025

@Xe No problem, I rebased (only the changelog had trivial conflicts)

@Xe Xe enabled auto-merge (squash) September 13, 2025 10:50
@Xe Xe merged commit 29ae2a4 into TecharoHQ:main Sep 13, 2025
11 checks passed
kagtee
kagtee reviewed Oct 17, 2025
View reviewed changes
Copy link

@kagtee kagtee left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Anubis Apache Stealth

@BrewTestBot BrewTestBot mentioned this pull request Oct 30, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Xe Xe Xe approved these changes

+1 more reviewer

@kagtee kagtee kagtee left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@vaab @Xe @kagtee