Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(clerkjs): Set localhost SameSite=None cookies as Secure #3604

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

fix(clerkjs): Set localhost SameSite=None cookies as Secure #3604

wants to merge 2 commits into from

Conversation

anagstef
Copy link
Member

Description

This PR removes the specific fix we did a while ago for Cypress.

The real reason our cookies where getting deleted in Cypress Chrome is because Chrome requires Secure when setting SameSite=None cookies.

Safari needs a bit of a different handling because it does not consider localhost to be a secure context, so in Safari localhost cookies cannot have the Secure attribute.

Checklist

  • npm test runs as expected.
  • npm run build runs as expected.
  • (If applicable) JSDoc comments have been added or updated for any package exports
  • (If applicable) Documentation has been updated

Type of change

  • 🐛 Bug fix
  • 🌟 New feature
  • 🔨 Breaking change
  • 📖 Refactoring / dependency upgrade / documentation
  • other:

@anagstef anagstef self-assigned this Jun 20, 2024
@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Jun 20, 2024
edited
Loading

🦋 Changeset detected

Latest commit: 1f5b5e4

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 3 packages
Name Type
@clerk/clerk-js Patch
@clerk/chrome-extension Patch
@clerk/clerk-expo Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@anagstef anagstef marked this pull request as ready for review June 20, 2024 17:25
@anagstef
Copy link
Member Author

!snapshot

@clerk-cookie
Copy link
Collaborator

Hey @anagstef - the snapshot version command generated the following package versions:

Package Version
@clerk/chrome-extension 1.1.0-snapshot.v1f5b5e4
@clerk/clerk-js 5.7.2-snapshot.v1f5b5e4
@clerk/elements 0.9.0-snapshot.v1f5b5e4
@clerk/clerk-expo 1.2.3-snapshot.v1f5b5e4
gatsby-plugin-clerk 5.0.0-beta.45
@clerk/localizations 2.4.6-snapshot.v1f5b5e4
@clerk/ui 0.1.3-snapshot.v1f5b5e4

Tip: Use the snippet copy button below to quickly install the required packages.
@clerk/chrome-extension

npm i @clerk/[email protected] --save-exact

@clerk/clerk-js

npm i @clerk/[email protected] --save-exact

@clerk/elements

npm i @clerk/[email protected] --save-exact

@clerk/clerk-expo

npm i @clerk/[email protected] --save-exact

gatsby-plugin-clerk

npm i [email protected] --save-exact

@clerk/localizations

npm i @clerk/[email protected] --save-exact

@clerk/ui

npm i @clerk/[email protected] --save-exact

@panteliselef
Copy link
Member

So it seems this PR reverts #3245 and proposes another solution

@anagstef
Copy link
Member Author

anagstef commented Jun 26, 2024
edited
Loading

@panteliselef Exactly! This PR removes the hacky Cypress fix and proposes a more holistic solution for Secure when on localhost, which also fixes the Cypress issues, even if the cookies are set with SameSite=None.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@BRKalow BRKalow Awaiting requested review from BRKalow

@nikosdouvlis nikosdouvlis Awaiting requested review from nikosdouvlis

@dimkl dimkl Awaiting requested review from dimkl

At least 1 approving review is required to merge this pull request.

Assignees

@anagstef anagstef

Labels
clerk-js
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@anagstef @clerk-cookie @panteliselef