How to adjust SameSite
I am very much a beginner and I'm very confused as to how to implement changing the SameSite attribute.
There do seem to be plenty of similar posts. I understand I need to change the SameSite to sameSite: 'none', secure: true - I'm just not sure where to place it within my code.
I am building a website using HTML and JavaScript, testing on a local server using Node.js.
I understand there is an example that shows me the adjustment, I'm just confused as to where in my code to make such an adjustment.
This is a result of the following error:
Because a cookie’s SameSite attribute was not set or is invalid, it defaults to SameSite=Lax, which prevents the cookie from being sent in a cross-site request. This behavior protects user data from accidentally leaking to third parties and cross-site request forgery. Resolve this issue by updating the attributes of the cookie: Specify SameSite=None and Secure if the cookie should be sent in cross-site requests. This enables third-party use. Specify SameSite=Strict or SameSite=Lax if the cookie should not be sent in cross-site requests.
The cookie is to keep a user logged in over multiple pages using Firebase authentication - do I need to specify the specific cookie? How does this affect security?
<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Example</title>
</head>
<body>
  <div id="loggedOut">
    <h3>please log in.</h3>
    <form onsubmit="login(event)">
      <input type="text" id="email" name="email" placeholder="your@email.com">
      <!-- type="password" so the browser masks the value while it is typed -->
      <input type="password" id="password" name="password" placeholder="password">
      <button type="submit" id="logIn" value="Login">login.</button>
    </form>
  </div>
  <script type="module">
    // FIREBASE CONFIG
    // Import the functions you need from the SDKs you need
    import { initializeApp } from "https://www.gstatic.com/firebasejs/9.18.0/firebase-app.js";
    import { getDatabase, set, ref, onValue } from "https://www.gstatic.com/firebasejs/9.18.0/firebase-database.js";
    import { getAuth, signInWithEmailAndPassword, setPersistence, browserLocalPersistence } from "https://www.gstatic.com/firebasejs/9.18.0/firebase-auth.js";
    // TODO: Add SDKs for Firebase products that you want to use
    // https://firebase.google.com/docs/web/setup#available-libraries
    // Your web app's Firebase configuration
    const firebaseConfig = {
      apiKey: "xx",
      authDomain: "xx",
      projectId: "xx",
      storageBucket: "xx",
      messagingSenderId: "xx",
      appId: "xx",
      databaseURL: "https://"
    };
    // Initialize Firebase
    const app = initializeApp(firebaseConfig);
    const database = getDatabase(app);
    const auth = getAuth();
    //const auth = getAuth(app);
    // Look the button up explicitly instead of relying on the implicit global created from its id
    document.getElementById('logIn').addEventListener('click', (e) => {
      const email = document.getElementById('email').value;
      const password = document.getElementById('password').value;
      signInWithEmailAndPassword(auth, email, password)
        .then((userCredential) => {
          // Signed in: the user is only available once this promise resolves,
          // so the lookup that was below the sign-in call now lives here
          // (auth.currentUser is still null right after the call is started).
          // https://firebase.google.com/docs/reference/js/firebase.User
          const user = userCredential.user;
          const displayName = "users" + user.uid;
          alert(displayName);
          const starCountRef = ref(database, displayName + '/username');
          onValue(starCountRef, (snapshot) => {
            const data = snapshot.val();
            alert(data);
            // Navigate only after the value has been read
            window.location = './home.html';
          });
        })
        .catch((error) => {
          // Sign-in failed: Firebase errors carry `code` and `message` (there is no `email` field)
          const errorCode = error.code;
          const errorMessage = error.message;
          alert(errorMessage);
        });
    });
  </script>
  <script>
    // Stop the form from reloading the page; the click handler above does the sign-in
    function login(event) {
      event.preventDefault();
    }
    function logout() {
    }
  </script>
</body>
</html>
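An added example, not part of the original post: where `sameSite` and `secure` end up when your own Node.js server sets the cookie (the `Set-Cookie` response header), and how a browser treats each combination named in the warning quoted above. The helper names, the `session` cookie and its value are constructed for illustration, and the example assumes the cookie is set by your server and not by a third-party domain.

```javascript
// Added example. `opts` uses the sameSite/secure/httpOnly names from the
// question; buildSetCookie and browserTreatment are hypothetical helpers.
const SAME_SITE = ['strict', 'lax', 'none'];

// Serialize a Set-Cookie header value, refusing combinations browsers reject.
function buildSetCookie(name, value, opts = {}) {
  const sameSite = opts.sameSite ? String(opts.sameSite).toLowerCase() : null;
  if (sameSite && !SAME_SITE.includes(sameSite)) {
    throw new Error(`invalid SameSite value: ${opts.sameSite}`);
  }
  if (sameSite === 'none' && !opts.secure) {
    throw new Error('SameSite=None requires Secure');
  }
  const parts = [`${name}=${encodeURIComponent(value)}`, 'Path=/'];
  if (opts.httpOnly) parts.push('HttpOnly');
  if (opts.secure) parts.push('Secure');
  if (sameSite) parts.push(`SameSite=${sameSite[0].toUpperCase()}${sameSite.slice(1)}`);
  return parts.join('; ');
}

// Report how a browser applying the rules in the warning treats a header.
function browserTreatment(header) {
  const attrs = header.split(';').slice(1).map((a) => a.trim().toLowerCase());
  const raw = attrs.find((a) => a.startsWith('samesite='));
  const declared = raw ? raw.slice('samesite='.length) : null;
  // Missing or unrecognised value: the browser falls back to Lax.
  const effective = SAME_SITE.includes(declared) ? declared : 'lax';
  // SameSite=None without Secure: the cookie is rejected outright.
  const stored = !(effective === 'none' && !attrs.includes('secure'));
  return {
    stored,
    effective,
    defaulted: effective !== declared,
    // Only None is attached to cross-site subrequests (fetch, iframe, img).
    sentOnCrossSiteSubrequests: stored && effective === 'none',
  };
}

// On a Node.js server the attributes belong in the Set-Cookie response header.
// `res` is an http.ServerResponse; cookie name and value are constructed.
function handleLogin(res) {
  const cookie = buildSetCookie('session', 'constructed-token', {
    httpOnly: true, secure: true, sameSite: 'lax', // Lax keeps the cross-site restriction
  });
  res.setHeader('Set-Cookie', cookie);
  res.end('ok');
}
```

For a login cookie that is only used on your own site, `Lax` or `Strict` together with `HttpOnly` and `Secure` is the tighter choice; `None` is for cookies that must be sent in cross-site requests.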