For my link archive:
- [WayBack] How to prepare your IdentityServer for Chrome’s SameSite cookie changes – and how to deal with Safari, nevertheless – Thinktecture
- [WayBack] How to correctly delete your SameSite Cookies in Chrome (80+) – Thinktecture
Via:
- [WayBack] Nick Craver on Twitter: “The current best plan I can think of for the SameSite cookie crap in Chrome 80 is uploading a SHA1 collision to the Chromium build server to stop it from shipping.”
- [WayBack] craigfis on Twitter: “How is this breaking a legitimate scenario for you?… “
- [WayBack] Nick Craver on Twitter: “Hey anyone remember a good decade or so where where we all finally agreed “don’t test against user agents, that’s bad!”, but then Google decided to break the internet with SameSite cookie shenanigans and we’re over here writing regexes against user agents in 2020? Good times.”
- [WayBack] Sebastian Gingter on Twitter: “You don’t need regexes. You really don’t :) Have a look at our example implementation: … “
- [WayBack] Nick Craver on Twitter: “This is for VCL :), but the code you posted is from the article with a big warning – how are you considering that warning? … “
- [WayBack] Sebastian Gingter on Twitter: “That warning is more of a “don’t blame us if this still breaks for your users”. We double checked that for most of ours customers (based on their http access logs of UAs), and did quite intense testing and figured it is pretty much complete for what’s out there in the wild. And..…
- [WayBack] Sebastian Gingter on Twitter: “… we also maintain that (at least for our customers) when we find that there’s an issue with that. And I will update the article if need be ;)…
- [WayBack] Nick Craver on Twitter: “Okay awesome info – thank you! That gives me some confidence in it – will likely land in SO code soon.… “
–jeroen
The Wiert Corner - irregular stream of stuff 