@jill @DanielMcQ I noticed recently that when I stood up another devstack_docker environment (e.g. master or open-release/juniper.master) while using Chrome, I’m not able to get past the http://localhost:18000/login screen without commenting out this django_cookies_samesite.middleware.CookiesSameSite and reloading the LMS. I think it’s because Chrome is blocking these cookies below (see graphic too). When I remove the middleware it works just fine for devstack_docker.
Blocked EdX Cookies
Getting this error message with the following cookies:
- csrftoken
- enterprise_customer_uuid
- sessionid
- experiments_is_enterprise
The error message says:
This Set-Cookie was blocked because it had the “SameSite=None” attribute but did not have the “Secure” attribute, which is required in order to use “SameSite=None”.
Solution
Here are two options that we could use with devstack_docker to continue to allow login from the http://localhost:18000/login page.
- We could remove this middleware in `devstack_docker`. https://github.com/edx/edx-platform/blob/master/lms/envs/common.py#L1491-L1493
- So it appears that when we're not on a secure site (e.g. `devstack_docker`, localhost) then we need to set these SameSite cookies to something other than `SameSite=None`, since that requires a secure connection. My recommendation is to set it to `Lax` since, after reading over this post, SameSite cookies explained | Articles | web.dev, it appears to be the default that browsers go to and is more open to sending the EdX cookies in a request from a third-party site. Anyway, let me know what you think. When I set this value it seems to let me log in on `devstack_docker`. I couldn’t log in after provisioning a new `devstack_docker` environment and I remember that we added this recently.

```python
# ./edx-platform/lms/env/devstack.py
# django-session-cookie middleware
DCS_SESSION_COOKIE_SAMESITE = 'Lax'
```
