[wp-trac] [WordPress Trac] #37000: Support for the SameSite cookie attribute
WordPress Trac
noreply at wordpress.org
Tue Jan 5 15:23:38 UTC 2021
#37000: Support for the SameSite cookie attribute
-------------------------------------------------+-------------------------
Reporter: johnbillion | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Future
| Release
Component: Security | Version:
Severity: normal | Resolution:
Keywords: has-patch dev-feedback needs-dev- | Focuses:
note has-unit-tests | administration
-------------------------------------------------+-------------------------
Comment (by jmichaelward):
I'm working on an open issue today that relates to this Trac ticket.
In Gravity Forms, users who attempt to authenticate their sites with
external services using OAuth usually get redirected back to the settings
page in the admin. However, we've found that this fails in Chrome if the
admin has been logged into the site for more than 2 minutes. In those
situations, when the external service redirects back to WordPress, the
users are returned to the login screen.
I suspect there may be other plugins in the ecosystem which will be
increasingly affected by this. It looks like there's been a lot of great
potential approaches proposed in this ticket over the past few years – I'm
happy to collaborate with others who can help prioritize this for the next
release.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/37000#comment:37>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list