Skip to content

Fix syntax error in jQuery cookie when samesite option not set #32266

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Fix syntax error in jQuery cookie when samesite option not set #32266

wants to merge 1 commit into from

Conversation

aapokiiso
Copy link
Contributor

@aapokiiso aapokiiso commented Feb 24, 2021
edited by m2-assistant bot
Loading

Description (*)

If the samesite option was not set, the cookie would be malformed due to a dangling lax being appended to it. For example calling $.cookie('foo', 'bar', {domain: 'foobar.com'}) would call document.cookie = foo=bar; domain=foobar.comlax;

Manual testing scenarios (*)

  1. Open browser dev tools.
  2. Add the following logpoint to lib/jquery/jquery.cookie.js for debugging:
    image
  3. Type jQuery.cookie('foo', 'bar', {domain: 'foobar.com'}) to the dev tools console.
  4. Notice that the cookie syntax is invalid.
    image

Contribution checklist (*)

  • Pull request has a meaningful description of its purpose
  • All commits are accompanied by meaningful commit messages
  • All new or changed code is covered with unit/integration tests (if applicable)
  • All automated tests passed successfully (all builds are green)

Resolved issues:

  1. resolves [Issue] Fix syntax error in jQuery cookie when samesite option not set #32297: Fix syntax error in jQuery cookie when samesite option not set

@aapokiiso
Fix syntax error in jQuery cookie when samesite option not set
b739bc0 
If the `samesite` option was not set, the cookie would be malformed
due to a dangling `lax` being appended to it. For example calling
`$.cookie('foo', 'bar', {domain: 'foobar.com'})` would call `document.cookie = foo=bar; domain=foobar.comlax;`
@m2-assistant
Copy link

m2-assistant bot commented Feb 24, 2021

Hi @aapokiiso. Thank you for your contribution
Here are some useful tips how you can test your changes using Magento test environment.
Add the comment under your pull request to deploy test or vanilla Magento instance:

  • @magento give me test instance - deploy test instance based on PR changes
  • @magento give me 2.4-develop instance - deploy vanilla Magento instance

❗ Automated tests can be triggered manually with an appropriate comment:

  • @magento run all tests - run or re-run all required tests against the PR changes
  • @magento run <test-build(s)> - run or re-run specific test build(s)
    For example: @magento run Unit Tests

<test-build(s)> is a comma-separated list of build names. Allowed build names are:

  1. Database Compare
  2. Functional Tests CE
  3. Functional Tests EE,
  4. Functional Tests B2B
  5. Integration Tests
  6. Magento Health Index
  7. Sample Data Tests CE
  8. Sample Data Tests EE
  9. Sample Data Tests B2B
  10. Static Tests
  11. Unit Tests
  12. WebAPI Tests
  13. Semantic Version Checker

You can find more information about the builds here

ℹ️ Please run only needed test builds instead of all when developing. Please run all test builds before sending your PR for review.

For more details, please, review the Magento Contributor Guide documentation.

⚠️ According to the Magento Contribution requirements, all Pull Requests must go through the Community Contributions Triage process. Community Contributions Triage is a public meeting.

🕙 You can find the schedule on the Magento Community Calendar page.

📞 The triage of Pull Requests happens in the queue order. If you want to speed up the delivery of your contribution, please join the Community Contributions Triage session to discuss the appropriate ticket.

🎥 You can find the recording of the previous Community Contributions Triage on the Magento Youtube Channel

✏️ Feel free to post questions/proposals/feedback related to the Community Contributions Triage process to the corresponding Slack Channel

@aapokiiso
Copy link
Contributor Author

@magento run all tests

@mrtuvn
Copy link
Contributor

mrtuvn commented Feb 24, 2021

Fail report tests static seem not related with this changes

ihor-sviziev
ihor-sviziev requested changes Feb 25, 2021
View reviewed changes
lib/web/jquery/jquery.cookie.js
@@ -47,7 +47,7 @@
options.path ? '; path=' + options.path : '',
options.domain ? '; domain=' + options.domain : '',
options.secure ? '; secure' : '',
options.samesite ? '; samesite=' + options.samesite : 'lax',
options.samesite ? '; samesite=' + options.samesite : '',
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Feels like it will work not correctly.
THe default value for samesite should be lax. So I would suggest to change it to something like this:

Suggested change
options.samesite ? '; samesite=' + options.samesite : '',
'; samesite=' + (options.samesite ? options.samesite : 'lax'),

@ihor-sviziev ihor-sviziev added Severity: S2 Major restrictions or short-term circumventions are required until a fix is available. Auto-Tests: Not Required Changes in Pull Request does not require coverage by auto-tests Severity: S1 Affects critical data or functionality and forces users to employ a workaround. and removed Severity: S2 Major restrictions or short-term circumventions are required until a fix is available. labels Feb 26, 2021
@ihor-sviziev
Copy link
Contributor

@sivaschenko @sidolov seems like this is critical issue. Please prioritize it

@ihor-sviziev
Copy link
Contributor

@magento create issue

@m2-assistant m2-assistant bot mentioned this pull request Feb 26, 2021
Closed
4 tasks
@sivaschenko sivaschenko added the Priority: P2 A defect with this priority could have functionality issues which are not to expectations. label Mar 2, 2021
@ihor-sviziev
Copy link
Contributor

@aapokiiso will you be able to update your PR as suggested?

@hostep hostep mentioned this pull request Mar 12, 2021
Closed
@hostep
Copy link
Contributor

hostep commented Mar 12, 2021
edited
Loading

This should also be fixed over here: https://github.com/magento/magento2/blob/2.4.2/lib/web/mage/cookies.js#L79 I think.

https://jsfiddle.net/wzt746hm/

@ihor-sviziev
Copy link
Contributor

ihor-sviziev commented Mar 12, 2021
edited
Loading

@hostep maybe you could create an alternative pull request that will fix the issue in all places?
Update: I'm working on a fix already

@ihor-sviziev ihor-sviziev mentioned this pull request Mar 12, 2021
Merged
4 tasks
@ihor-sviziev
Copy link
Contributor

Hi @aapokiiso,
Unfortunately, we didn't get any response from you for 2 weeks, so I prepared a new PR that fixes the same issue #32462.
I'll close this PR in favor of #32462.

@m2-assistant
Copy link

m2-assistant bot commented Mar 12, 2021

Hi @aapokiiso, thank you for your contribution!
Please, complete Contribution Survey, it will take less than a minute.
Your feedback will help us to improve contribution process.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ihor-sviziev ihor-sviziev ihor-sviziev requested changes

Assignees

@ihor-sviziev ihor-sviziev

Labels
Area: Lib/Frontend Auto-Tests: Not Required Changes in Pull Request does not require coverage by auto-tests Priority: P2 A defect with this priority could have functionality issues which are not to expectations. Release Line: 2.4 Severity: S1 Affects critical data or functionality and forces users to employ a workaround.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Issue] Fix syntax error in jQuery cookie when samesite option not set
6 participants
@aapokiiso @mrtuvn @ihor-sviziev @hostep @sivaschenko @magento-engcom-team