Hi, thanks for the great app and community. I have some issues with cookies due to a Chrome security update. Here is what the message looks like in the DevTools console:
A cookie associated with a cross-site resource at http://xxx.xxx.xxx.xxx/ was set without the `SameSite` attribute. It has been blocked, as Chrome now only delivers cookies with cross-site requests if they are set with `SameSite=None` and `Secure`
Since Chrome shows this cookie warning message, I think traccar-server should have a configuration option for cross-site cookies. We are helpless using the WebSocket API due to the cross-site cookie warning, because traccar-server does not send the set-cookie header properly (without "SameSite"), so Chrome sets them to "SameSite=Lax" by default. So we need configuration options in traccar.xml to set this cookie option to none, lax, or secure.
I am working on localhost and the Traccar server is running on a VPS, which is why Chrome marks it as cross-site and I can't use the WebSocket API. I call "api/session" first and then connect to the WebSocket to make sure the response header set-session works; it just worked before Chrome updated their security. Now when I call the WebSocket API, the session is missing from the request headers, so the WebSocket immediately finishes and returns failed: Error during WebSocket handshake: Unexpected response code: 503. It happens only when it's running on localhost, and works perfectly on the production server with a same-site IP/domain.
What do you think about this issue?
You might need to modify the code to include required headers.
Which file of code should I modify?
I am not familiar with Java yet, so I need your suggestion, please.
And why does the traccar-server socket API use a session instead of basic authentication or a token?
I'm facing the same problem. I'm not a Java expert, but I'm willing to modify the code if necessary. I just need some light on my path, and if someone in this forum can tell me which file should be modified, I would be more than grateful.
In the next release it will be possible to configure SameSite attribute like this:
@Anton that was what we're looking for. That's cool. Thanks for making it happen. I appreciate you and all contributors for their hard work.
FYI: just for now, to make it work with Chrome, I have to disable the SameSite feature for default cookies at chrome://flags/#same-site-by-default-cookies. Because it's needed only when I am working in a local development environment, it's just a temporary solution for now.
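Added example (not part of the thread and not Traccar code): a small checker that applies the rule from the Chrome console message quoted above to a `Set-Cookie` header and reports whether the cookie would accompany a cross-site subrequest such as the WebSocket handshake. The function names, the `JSESSIONID` cookie name and the sample headers are constructed for illustration; top-level navigations, where Lax cookies are still sent, are not modelled.

```javascript
// Parse one Set-Cookie header value into the fields that matter here.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = {
    name: eq < 0 ? "" : pair.slice(0, eq),
    value: eq < 0 ? pair : pair.slice(eq + 1),
    secure: false,
    sameSite: null, // null means the attribute was absent
  };
  for (const attr of attrs) {
    const [k, v = ""] = attr.split("=");
    const key = k.trim().toLowerCase();
    if (key === "secure") cookie.secure = true;
    if (key === "samesite") cookie.sameSite = v.trim().toLowerCase();
  }
  return cookie;
}

// Decide whether the cookie is attached to a cross-site subrequest
// (XHR/fetch or a WebSocket handshake) under the SameSite-by-default rules.
function crossSiteVerdict(header) {
  const c = parseSetCookie(header);
  // A missing or unrecognised SameSite value is treated as Lax.
  const known = ["none", "lax", "strict"];
  const mode = known.includes(c.sameSite) ? c.sameSite : "lax";
  if (mode === "none" && !c.secure) {
    return { name: c.name, mode, sent: false,
             reason: "SameSite=None without Secure is blocked" };
  }
  if (mode === "none") {
    return { name: c.name, mode, sent: true,
             reason: "SameSite=None; Secure is delivered cross-site" };
  }
  return { name: c.name, mode, sent: false,
           reason: `SameSite=${mode} is withheld from cross-site subrequests` };
}

// Constructed sample headers (not captured from a real server).
const samples = [
  "JSESSIONID=abc123; Path=/",                       // no SameSite attribute
  "JSESSIONID=abc123; Path=/; SameSite=None",         // None but not Secure
  "JSESSIONID=abc123; Path=/; SameSite=None; Secure", // the accepted form
];
for (const h of samples) console.log(h, "->", crossSiteVerdict(h));
```

Only the third form reaches the server on a cross-site request, and because `Secure` cookies require HTTPS, a server reached over plain `http://` cannot use it.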