{"id":153,"date":"2020-08-24T15:08:00","date_gmt":"2020-08-24T15:08:00","guid":{"rendered":"https:\/\/habett.fr\/blog\/?p=153"},"modified":"2020-10-10T12:12:15","modified_gmt":"2020-10-10T12:12:15","slug":"samsite-cookies-rails-clueless-monkey-patch","status":"publish","type":"post","link":"https:\/\/habett.fr\/blog\/2020\/08\/samsite-cookies-rails-clueless-monkey-patch\/","title":{"rendered":"Samesite cookies & rails & clueless monkey patch"},"content":{"rendered":"\n

Une vieille application Ruby on Rails 3. C’\u00e9tait par tourisme de dev et j’aime bien, malgr\u00e9 les particularit\u00e9s de ruby (typage et scope) . Des browsers qui commencent \u00e0 se plaindre du mauvais voir du manque d’attribut same site sur les cookies (dans mon cas des cookies de session).<\/p>\n\n\n\n

https:\/\/developer.mozilla.org\/fr\/docs\/Web\/HTTP\/Headers\/Set-Cookie\/SameSite<\/a><\/p>\n\n\n\n

Je commence par bien flipper. Entre toutes les versions de rails, des heures de recherche, j’\u00e9tais presque r\u00e9solu \u00e0 monkey-patcher les libraires mais, \u00e9tant bien incapable de localiser o\u00f9 frapper, je commen\u00e7ais \u00e0 d\u00e9sesp\u00e9rer.<\/p>\n\n\n\n

Le site \u00e9tant service par un apache2 sous mod_passenger, la lumi\u00e8re la plus \u00e9vidente m’est enfin apparue. J’installe et j’active le mod headers d’apache2 puis je rajoute ce segment dans la section qui vas bien de la config apache du site en question:<\/p>\n\n\n\n

<ifmodule mod_headers.c>\nHeader always edit Set-Cookie (.*) \"$1; SameSite=strict\"\n<\/ifmodule> <\/code><\/pre>\n\n\n\n
Je red\u00e9marre mon apache et mon firefox ne se plaint plus. Magique !!<\/p>\n","protected":false},"excerpt":{"rendered":"
Une vieille application Ruby on Rails 3. C’\u00e9tait par tourisme de dev et j’aime bien, malgr\u00e9 les particularit\u00e9s de ruby (typage et scope) . Des browsers qui commencent \u00e0 se plaindre du mauvais voir du manque d’attribut same site sur les cookies (dans mon cas des cookies de session). https:\/\/developer.mozilla.org\/fr\/docs\/Web\/HTTP\/Headers\/Set-Cookie\/SameSite Je commence par bien flipper. … Continuer la lecture de Samesite cookies & rails & clueless monkey patch<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[25,36],"tags":[35,33,34,32],"class_list":["post-153","post","type-post","status-publish","format-standard","hentry","category-code","category-http","tag-apache","tag-cookies","tag-monkeypatch","tag-rails"],"_links":{"self":[{"href":"https:\/\/habett.fr\/blog\/wp-json\/wp\/v2\/posts\/153","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/habett.fr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/habett.fr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/habett.fr\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/habett.fr\/blog\/wp-json\/wp\/v2\/comments?post=153"}],"version-history":[{"count":3,"href":"https:\/\/habett.fr\/blog\/wp-json\/wp\/v2\/posts\/153\/revisions"}],"predecessor-version":[{"id":164,"href":"https:\/\/habett.fr\/blog\/wp-json\/wp\/v2\/posts\/153\/revisions\/164"}],"wp:attachment":[{"href":"https:\/\/habett.fr\/blog\/wp-json\/wp\/v2\/media?parent=153"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/habett.fr\/blog\/wp-json\/wp\/v2\/categories?post=153"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/habett.fr\/blog\/wp-json\/wp\/v2\/tags?post=153"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}