3
0%
master: 0%

Ran 13 Oct 2020 08:19PM UTC

Files 0

Run time 0s

Badge

Embed ▾

Committed 13 Oct 2020 08:17PM UTC coverage: 0.0%. Remained the same

Job # GH_TOKEN=[secure]

Build Type

push

travis-ci

Committed by

web-flow

Commit Message

TNL-7608 - Add Note about ``ngrok`` usage. (#111)

As stated by @giovannicimolin:

  Due to a recent change in `Chrome`_ and `Firefox`_
  and the way they handle cookies, it’s not possible
  to access cookies marked as ``SameSite=None`` if
  they are not also Secure.

  This is to help avoid a few CSRF attacks.

  Secure cookies are only available when the request
  is done through `HTTPS`_, which is not the case on
  the devstack.

The workaround for this behaviour is to set
``DCS_SESSION_COOKIE_SAMESITE`` from ``'Lax'``
to ``None`` in the studio container's ``devstack.py``,
when using tools such as ``ngrok``.

This commit adds a note about this to the ``README.rst``
of the repository.

.. _Chrome:: https://twitter.com/ChromiumDev/status/1293236234932846596
.. _Firefox:: https://hacks.mozilla.org/2020/08/changes-to-samesite-cookie-behavior/
.. See ``Secure`` Attribute as a reference
.. _HTTPS:: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie

Run Details

0 of 0 relevant lines covered (NaN%)

0.0 hits per line

edx / xblock-lti-consumer / 614 / 3
0%
master: 0%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job 614.3 (GH_TOKEN=[secure])

edx / xblock-lti-consumer / 614 / 3 0% master: 0%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job 614.3 (GH_TOKEN=[secure])

edx / xblock-lti-consumer / 614 / 3
0%
master: 0%

README BADGES
x