KEYCLOAK-12125 Update docs regarding SameSite changes
parent
faf37e32af
commit
33d554c149
4 changed files with 20 additions and 1 deletions
|
@ -16,6 +16,9 @@ include::topics/templates/release-header.adoc[]
|
|||
== {project_name_full} 9.0.0
|
||||
include::topics/9_0_0.adoc[leveloffset=2]
|
||||
|
||||
== {project_name_full} 8.0.2
|
||||
include::topics/8_0_2.adoc[leveloffset=2]
|
||||
|
||||
== {project_name_full} 8.0.1
|
||||
include::topics/8_0_1.adoc[leveloffset=2]
|
||||
|
||||
|
|
9
release_notes/topics/8_0_2.adoc
Normal file
|
@ -0,0 +1,9 @@
|
|||
= Highlights
|
||||
|
||||
== SameSite cookie changes with upcoming Google Chrome update
|
||||
|
||||
Starting with version 80, Google Chrome will change the default value for the `SameSite` cookie parameter to `Lax`.
|
||||
Therefore, changes were required to several {project_name} cookies (especially those which are used within the
|
||||
Javascript adapter for checking the session status using the iframe) to set `SameSite` parameter to `None`. Please note
|
||||
that this settings also requires setting the `Secure` parameter, hence starting with this version, the Javascript
|
||||
adapter will only be fully functional when using the SSL / TLS connection on the {project_name} side.
|
|
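Review bot: the closing sentence of the new 8_0_2.adoc highlight says the adapter "will only be fully functional" over SSL / TLS without naming what stops working. The adapter documentation touched in this same commit names the two affected features (silent `check-sso` and the session status iframe), so name them here as well and link to the HTTPS setup section. Two wording fixes in the same paragraph: "this settings" should read "this setting", and "Javascript adapter" should be "JavaScript adapter" to match the spelling used in the adapter documentation.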
@ -92,6 +92,8 @@ It has no other task than sending the received tokens to the main application an
|
|||
|
||||
Please keep in mind that this page at the specified location must be provided by the application itself and is _not_ part of the JavaScript adapter!
|
||||
|
||||
WARNING: Starting with Chrome version 80 (released on February 2020), silent `check-sso` functionality will work only
|
||||
when the SSL / TLS connection is configured on the {project_name} side.
|
||||
|
||||
To enable `login-required` set `onLoad` to `login-required` and pass to the init method:
|
||||
|
||||
|
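Review bot: the WARNING added before the `login-required` paragraph tells the reader that silent `check-sso` needs SSL / TLS but gives neither the symptom of running without it nor a pointer to the fix. The status iframe warning added later in this file links to `{installguide_link}#_setting_up_ssl`; use the same link here so both warnings lead to the remedy. Also, "released on February 2020" should read "released in February 2020".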
@ -154,6 +156,11 @@ This feature can be disabled by setting `checkLoginIframe: false` in the options
|
|||
You should not rely on looking at this cookie directly. Its format can change and it's also associated with the URL of the {project_name} server, not
|
||||
your application.
|
||||
|
||||
WARNING: Starting with Chrome version 80 (released on February 2020), status iframe will only be able to see the special
|
||||
cookie over the SSL / TLS connection configured on the {project_name} side. Using an insecure connection may lead to redirecting
|
||||
to {project_name} every time iframe checks the status. You can avoid this behavior by disabling iframe
|
||||
or link:{installguide_link}#_setting_up_ssl[configuring the SSL / TLS] on the {project_name} side.
|
||||
|
||||
[[_javascript_implicit_flow]]
|
||||
==== Implicit and Hybrid Flow
|
||||
|
||||
|
|
|
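Review bot: in the WARNING added after "your application.", "disabling iframe" does not say how to do it. The surrounding section already documents the option as `checkLoginIframe: false`, so name it in the warning. Because the iframe is what checks the session status, consider listing the SSL / TLS configuration first and disabling the iframe as the fallback. Wording: "status iframe" and "every time iframe checks" are missing "the", "released on February 2020" should read "released in February 2020", and "configuring the SSL / TLS" reads better as "configuring SSL / TLS".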
@ -1,4 +1,4 @@
|
|||
|
||||
[[_setting_up_ssl]]
|
||||
=== Setting up HTTPS/SSL
|
||||
|
||||
WARNING: {project_name} is not set up by default to handle SSL/HTTPS.
|
||||
|
|
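Review bot: terminology differs between this section and the text the commit adds elsewhere. The heading here reads "Setting up HTTPS/SSL" and the warning under it "SSL/HTTPS", while the new release note and adapter warnings say "SSL / TLS". Since the adapter warning now links to `_setting_up_ssl`, readers will land here expecting the same term; pick one form and use it in the heading, the warning and the link text.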