SameSite Cookie via .htaccess file

mcfc4heatons
New Member
1 0 0

I know some newer versions of iOS/Safari block third-party cookies by default anyway, but does this solution mean older iOS devices would still be susceptible to CSRF attacks if relying on this solution alone?

0 Likes
Jason27
Shopify Partner
61 0 20

Not sure if preventing attacks is my priority right now. Compatibility-wise, it seems to work afaik.

0 Likes
johndevz
New Member
5 0 0

I think this is not working on the latest Safari version. Any updates on how to fix it?

All my settings are direct from an AJAX call, but as per debugging my session is not readable through the AJAX call.

0 Likes
Jason27
Shopify Partner
61 0 20

Try this in your .htaccess file and let us know if it's working right:

 

<If "%{HTTP_USER_AGENT} !~ /(iPhone; CPU iPhone OS 1[0-2]|iPad; CPU OS 1[0-2]|iPod touch; CPU iPhone OS 1[0-2]|Macintosh; Intel Mac OS X.*Version\x2F1[0-3].*Safari|Macintosh;.*Mac OS X 10_14.* AppleWebKit.*Version\x2F1[0-3].*Safari)/i">
    Header edit Set-Cookie ^(.*)$ $1;SameSite=None;Secure
</If>

Cheers

0 Likes
johndevz
New Member
5 0 0

I tried the code above but it's not working on the latest Safari browser. :(

0 Likes
Jason27
Shopify Partner
61 0 20

What's the user-agent string for the latest Safari browser?

0 Likes
johndevz
New Member
5 0 0

 


@Jason27 wrote:

What's the user-agent string for the latest Safari browser?


Mozilla/5.0 (iPhone; CPU iPhone OS 13_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.5 Mobile/15E148 Safari/604.1

Using my Safari mobile browser.

0 Likes
Jason27
Shopify Partner
61 0 20

OK, you were referring to iOS, so try this instead:

 

<If "%{HTTP_USER_AGENT} !~ /(iPhone; CPU iPhone OS 1[0-3]|iPad; CPU OS 1[0-2]|iPod touch; CPU iPhone OS 1[0-3]|Macintosh; Intel Mac OS X.*Version\x2F1[0-3].*Safari|Macintosh;.*Mac OS X 10_14.* AppleWebKit.*Version\x2F1[0-3].*Safari)/i">
    Header edit Set-Cookie ^(.*)$ $1;SameSite=None;Secure
</If>

Let us know if this works.

0 Likes
Royal2
Shopify Partner
3 0 0

Can you give a solution for this agent string?

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.2 Safari/605.1.15

0 Likes
Jason27
Shopify Partner
61 0 20

I think Safari fixed this issue in later versions. Are you experiencing a SameSite issue with the latest Safari?

0 Likes
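
Added example, not part of any post in the thread: a Python check of which user agents each of the two `<If>` rules above leaves alone and which get `;SameSite=None;Secure` appended. The regexes and two of the user-agent strings are copied from the thread; the function names, the iOS 12 user agent and the cookie values are constructed, and Python's `re` is assumed to treat these patterns the same way Apache's regex engine does.

```python
import re

# Alternations copied from the two <If> blocks in the thread. The rules differ
# only in the iPhone / iPod touch range: 1[0-2] in the first, 1[0-3] in the second.
MAC = (r"Macintosh; Intel Mac OS X.*Version\x2F1[0-3].*Safari"
       r"|Macintosh;.*Mac OS X 10_14.* AppleWebKit.*Version\x2F1[0-3].*Safari")
RULES = {
    "first": r"(iPhone; CPU iPhone OS 1[0-2]|iPad; CPU OS 1[0-2]"
             r"|iPod touch; CPU iPhone OS 1[0-2]|" + MAC + r")",
    "second": r"(iPhone; CPU iPhone OS 1[0-3]|iPad; CPU OS 1[0-2]"
              r"|iPod touch; CPU iPhone OS 1[0-3]|" + MAC + r")",
}

USER_AGENTS = {
    # Posted in the thread by johndevz (iOS 13 Safari).
    "ios13": "Mozilla/5.0 (iPhone; CPU iPhone OS 13_3_1 like Mac OS X) AppleWebKit/605.1.15 "
             "(KHTML, like Gecko) Version/13.0.5 Mobile/15E148 Safari/604.1",
    # Posted in the thread by Royal2 (macOS 10.15 Safari 14).
    "mac_safari14": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 "
                    "(KHTML, like Gecko) Version/14.0.2 Safari/605.1.15",
    # Constructed for this example: an iOS 12 device, which both rules exclude.
    "ios12": "Mozilla/5.0 (iPhone; CPU iPhone OS 12_4 like Mac OS X) AppleWebKit/605.1.15 "
             "(KHTML, like Gecko) Version/12.1.2 Mobile/15E148 Safari/604.1",
}

def is_excluded(rule, user_agent):
    """True when the UA matches the regex, so `!~` is false and cookies are left alone."""
    return re.search(RULES[rule], user_agent, re.IGNORECASE) is not None

def rewrite_set_cookie(rule, user_agent, cookies):
    """Mimic `Header edit Set-Cookie ^(.*)$ $1;SameSite=None;Secure` on each header value."""
    if is_excluded(rule, user_agent):
        return list(cookies)
    # The edit is unconditional: a cookie that already carries a SameSite
    # attribute ends up with a second one appended.
    return [re.sub(r"^(.*)$", r"\1;SameSite=None;Secure", c, count=1) for c in cookies]

def decision_table():
    """Map (rule, user agent name) -> True if SameSite=None;Secure gets appended."""
    return {(rule, name): not is_excluded(rule, ua)
            for rule in RULES for name, ua in USER_AGENTS.items()}

if __name__ == "__main__":
    for (rule, name), edited in decision_table().items():
        print(f"{rule:6} {name:13} -> {'append SameSite=None;Secure' if edited else 'unchanged'}")
    # Constructed cookie values.
    print(rewrite_set_cookie("first", USER_AGENTS["ios13"], ["sid=abc; Path=/", "pref=1; SameSite=Lax"]))
```

Every cookie that gets the suffix is sent on cross-site requests, so for those clients CSRF protection has to come from something other than SameSite, such as anti-CSRF tokens.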