We Keep Coding

SameSite: lax cookie doesn't work with Safari

I have a website www.hello.app (example url) and a server www.server.hello.app. The server sends http-only cookie for authentification.
I've added the attribute sameSite: "lax" when creating the cookie. sameSite: "none" and sameSite: "lax" don't work with Safari. It doesn't store any cookie, so the user can't perform any request on the server.
return res
.status(200)
.cookie("hello", token, {
expires: new Date(Date.now() + msPerDay * 14),
httpOnly: true,
secure: true,
sameSite: "lax",
})
.json({ user });
I've heard it's a bug, but I can't believe such a widely used browser hamper authenticated requests like this!
Is there a way to fix this?

GCIP - enable authorization code grant flow using OIDC based external provider

Trying to configure GCIP with Salesforce Identity as IDP. Tried configuring OIDC based integration. Noticed that there is no field for providing (sfdc) client secret for OIDC based configuration. Also, the response_type=id_token is getting invoked from GCIP side. We want to use authorization code flow (response_type=code) to integrate with SFDC. Is it possible?

Code flow for OIDC providers is supported on the GCIP backend. It is just not yet exposed in the Cloud Console or the Admin SDKs.
Notice it is documented here in the REST API.
You will need to set {code: true}
Here is a snippet in Node.js (untested):
// https://cloud.google.com/identity-platform/docs/reference/rest/v2/projects.oauthIdpConfigs/patch
return new Promise((resolve, reject) => {
request({
headers: {
'Authorization': `Bearer ${accessToken}`,
'Content-Type': 'application/json',
},
url: `https://identitytoolkit.googleapis.com/admin/v2/projects` +
`/${projectId}/oauthIdpConfigs/${oidcProviderId}?updateMask=responseType`,
method: 'PATCH',
body: JSON.stringify({
responseType: {
idToken: true,
code: true,
}
}),
}, (error, response) => {
if (!error && response.statusCode === 200) {
resolve();
} else {
reject(error);
}
});
});
});

CSRF Token request position Django and Nuxt

lately i'm trying to implement a login api for a website.
I'm using Nuxt for the FE, Django REST Framework for the BE and Nuxt Auth Module for the JWT.
Now I tryed to use the normal option for implement my api:
https://auth.nuxtjs.org/schemes/local.html#options
auth: {
localStorage: false,
redirect: {
logout: '/login'
},
cookie: { options: { expires: 7} },//7 minuti
strategies: {
local: {
endpoints: {
login: { url: 'http://127.0.0.1:7777/api/users/login/', method: 'post', propertyName: false},
user: { url: 'http://127.0.0.1:7777/api/users/infoUser/', method: 'get', propertyName: false},
logout: { url: 'http://127.0.0.1:7777/api/users/logout/', method: 'post'},
},
tokenRequired: false,
tokenType: false
}
}
},
but in Django I don't see the token on vscode debug mode.
I need the token for retrieve the user infos.
Can someone help me?
Thank you.

I got it working with the standard Django Restframework endpoint: link
This returns the token which will be set automatically by NuxtJS. In <app>/urls.py I have:
urlpatterns = [
path('login', views.obtain_auth_token, name='login'),
path('user', Views.CurrentUser.as_view()),
path('logout', Views.Logout.as_view()),
]
With the user and logout endpoint being endpoints I created myself.
If this doesn't work can you spicify your way of working on the BE?

Set multi endpoints in S3 fine uploader for AWS

The below code works fine for the single endpoint, how to set it for multi endpoints. Please help me.
My requirement is to upload the same file into multiple AWS Buckets.
var uploader = new qq.s3.FineUploader({
//debug: true,
element: document.getElementById('fine-uploader-s3'),
template: 'qq-template-s3',
request: {
endpoint: 'https://s3.amazonaws.com/amazon-bucket',
accessKey: '123456789'
},
signature: {
endpoint: 's3Upload.php'
},
uploadSuccess: {
endpoint: 's3Upload.php?success'
},
iframeSupport: {
localBlankPagePath: '/success.html'
},
retry: {
enableAuto: false // defaults to false
},
cors: {
//all requests are expected to be cross-domain requests
expected: true,
//if you want cookies to be sent along with the request
sendCredentials: true
}
});

Cannot deploy ember app in Firebase

I am unable to deploy my ember application in Firebase. I can only see the welcome page of Firebase hosting:
You're seeing this because you've successfully setup Firebase Hosting. Now it's time to go build something extraordinary!
I have installed the EmberFire add-on, as well as the Firebase tool.
My config file looks like this:
module.exports = function(environment) {
var ENV = {
modulePrefix: 'sample',
environment: environment,
rootURL: '/',
locationType: 'auto',
firebase : {
apiKey: 'xxxxxx',
authDomain: 'xxxxx',
databaseURL: 'xxxx',
storageBucket: 'xxxxx',
messagingSenderId: 'xxxxx'
},
EmberENV: {
FEATURES: {
// Here you can enable experimental features on an ember canary build
// e.g. 'with-controller': true
}
},
APP: {
// Here you can pass flags/options to your application instance
// when it is created
}
};
if (environment === 'development') {
// ENV.APP.LOG_RESOLVER = true;
ENV.APP.LOG_ACTIVE_GENERATION = true;
ENV.APP.LOG_TRANSITIONS = true;
ENV.APP.LOG_TRANSITIONS_INTERNAL = true;
ENV.APP.
LOG_VIEW_LOOKUPS = true;
}
Firebase.json:
{
"database": {
"rules": "database.rules.json"
},
"hosting": {
"public": "dist",
"rewrites": [
{
"source": "**",
"destination": "/index.html"
}
]
}
}
I have built the app and deployed using following commands:
ember build --prod
firebase login
firebase init
firebase deploy
Thanks in advance :-)

When you initialise your ember.js app with firebase init command for the first time, you will be prompted that
? File dist/index.html already exists. Overwrite? (y/N)
respond with No. Responding with yes will allow the default firebase hosting welcome page override your ember app index.html file, which is why you are still greeted with the firebase hosting welcome page.