לאתר זה תהיה פונקציונליות מוגבלת בזמן שאנו מתחזקים אותו לשיפור החוויה שלך. אם מאמר מסויים לא פותר את הבעיה שלך וברצונך לשאול שאלה, קהילת התמיכה שלנו מחכה לעזור לך ב־Twitter תחת ‎@FirefoxSupport וב־Reddit תחת ‎/r/firefox.

חיפוש בתמיכה

יש להימנע מהונאות תמיכה. לעולם לא נבקש ממך להתקשר או לשלוח הודעת טקסט למספר טלפון או לשתף מידע אישי. נא לדווח על כל פעילות חשודה באמצעות באפשרות ״דיווח על שימוש לרעה״.

מידע נוסף

Lax Cookie Not Sent in iFrame on 302 Redirection

  • 3 תגובות
  • 1 has this problem
  • 3 views
  • תגובה אחרונה מאת brian.l.coker

more options

I’m building an Angular application that is using OAuth2 Auth Code w/PKCE. The app uses hidden iframes to silently renew access tokens. I found that when the OAuth2 authorization serve redirects the iFrame to {parent origin}/silent-refresh.html with a 302, Firefox does not send any cookies set with SameSite: Lax.

SameSite: None cookies are sent as expected.

I compared this with IE and Chrome and both of those browser send the Lax cookies on when redirecting due to a 302.

This problem seems to only occur when the iFrame is being redirected via 302 from a different origin. I.e requests from a basic iFrame to the parent page origin send Lax cookies with no problem.

Anyone experience this? Is this expected behavior for Firefox?

Firefox Version 68.8

I’m building an Angular application that is using OAuth2 Auth Code w/PKCE. The app uses hidden iframes to silently renew access tokens. I found that when the OAuth2 authorization serve redirects the iFrame to {parent origin}/silent-refresh.html with a 302, Firefox does not send any cookies set with SameSite: Lax. SameSite: None cookies are sent as expected. I compared this with IE and Chrome and both of those browser send the Lax cookies on when redirecting due to a 302. This problem seems to only occur when the iFrame is being redirected via 302 from a different origin. I.e requests from a basic iFrame to the parent page origin send Lax cookies with no problem. Anyone experience this? Is this expected behavior for Firefox? Firefox Version 68.8

כל התגובות (3)

more options

Does this also happen in current Firefox releases (current is 78.0.1) ?

There were some changes in Firefox 69.

more options

I’m working on getting a new version. My corporate version of Firefox comes bundled with some MFA software. So it hasn’t been as easy as just downloading the latest and retesting.

more options

Okay I was able to test this with 78.0.1 (64-bit) and the behavior is the same.