Paths

Table of Contentst

Differential D9290

[keyserver] Stop sending http cookies
ClosedPublic
Actions

Authored by michal on Sep 25 2023, 7:33 AM.

Tags

None

Referenced Files

	Unknown Object (File)
	Thu, Nov 7, 11:46 PM

	Unknown Object (File)
	Thu, Nov 7, 11:46 PM

	Unknown Object (File)
	Thu, Nov 7, 11:36 PM

	Unknown Object (File)
	Thu, Nov 7, 7:32 PM

	Unknown Object (File)
	Wed, Oct 23, 2:44 AM

	Unknown Object (File)
	Wed, Oct 23, 2:41 AM

	Unknown Object (File)
	Sat, Oct 19, 7:42 AM

	Unknown Object (File)
	Sat, Oct 19, 7:10 AM

View All 70 Files

Subscribers

Details

Reviewers

inka
kamil
atul

Commits

rCOMMd4263f484675: [keyserver] Stop sending http cookies

Summary

ENG-4747
Depends on D9288

We want to stop sending browser cookies on requests from the keyserver. The only exception is for website-responders where we send back any cookies we get. This is done so that they are updated to httpOnly: false and so older clients that will update to redux cookies can migrate.

Test Plan

Check that the migration still works
Check that the web app still works
Check that the cookie lifespan is still updated

Diff Detail

Repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

michal created this revision.Sep 25 2023, 7:33 AM

Herald added subscribers: tomek, ashoat. · View Herald TranscriptSep 25 2023, 7:33 AM

michal added a child revision: D9291: [keyserver] Stop accepting http cookies.Sep 25 2023, 7:37 AM

Harbormaster completed remote builds in B22834: Diff 31405.Sep 25 2023, 7:51 AM

michal requested review of this revision.Sep 25 2023, 7:52 AM

kamil accepted this revision.Sep 26 2023, 2:59 AM

This revision is now accepted and ready to land.Sep 26 2023, 2:59 AM

michal added a child revision: D9500: [keyserver] Remove cookieSources.Oct 16 2023, 5:31 AM

michal mentioned this in D9500: [keyserver] Remove cookieSources.Oct 16 2023, 5:35 AM

michal removed a child revision: D9500: [keyserver] Remove cookieSources.

michal added a child revision: D9502: [lib] Remove setCookieOnRequest.Oct 16 2023, 5:35 AM

Closed by commit rCOMMd4263f484675: [keyserver] Stop sending http cookies (authored by Michal Gniadek <michal.gniadek@swmansion.com>). · Explain WhyOct 23 2023, 3:05 AM

This revision was automatically updated to reflect the committed changes.

Michal Gniadek <michal.gniadek@swmansion.com> added a commit: rCOMMd4263f484675: [keyserver] Stop sending http cookies.

Michal Gniadek <michal.gniadek@swmansion.com> mentioned this in rCOMM24c786a1a2bf: [keyserver] Remove cookieSources.Nov 27 2023, 7:27 AM

Revision Contents
Changeset List

Path

Size

keyserver/

src/

responders/

66 lines

website-responders.js

7 lines

session/

34 lines

Diff 32309

keyserver/src/responders/handlers.js

Loading...

keyserver/src/responders/website-responders.js

Loading...

keyserver/src/session/cookies.js

Loading...