-
Notifications
You must be signed in to change notification settings - Fork 8.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support Partitioned attribute in sticky cookies #10428
Comments
This issue is currently awaiting triage. If Ingress contributors determines this is a relevant issue, they will accept it by applying the The Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Can you evolve a bit more on the proposal? How would this annotation look like? What is the impact on users that enable it, for browsers that doesn't support it like Safari? Thanks |
Sure, I propose, that there is a new annotation
|
Any update on this? |
This is fairly urgent, since Chrome has already started the phase-out process for third-party cookies (3PC) and has already stopped accepting 3PC without CHIPS for 1% of users since January 4th by default. That implies that session stickiness in a cross-domain context already stopped working for 1% of Chrome users. Full phase-out is scheduled for Q3 this year. See 3PC advisory from Google |
Maybe enforce "Secure" too in case it's partitioned. |
It seems that adding |
/assign @khujo when is this coming into affect ? |
@longwuyuan I have implemented most of the changes in my fork here: https://github.com/avif/ingress-nginx/tree/partitioned-cookie-support - waiting on the "resty.cookie" merge. |
Partitioned cookie support has been merged to "resty.cookie" (v.0.3.0), I have updated my fork - will do some testing and submit a PR soon. |
@longwuyuan FYI I submitted a PR. |
Thank you very much. I saw that PR. Helps. Best regards.
…On Fri, 12 Apr, 2024, 12:39 am avif, ***@***.***> wrote:
@longwuyuan <https://github.com/longwuyuan> FYI I submitted a PR.
—
Reply to this email directly, view it on GitHub
<#10428 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABGZVWTEJPJQ4KYFKMIATKLY43NVFAVCNFSM6AAAAAA47OUGA2VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDANJQGM2DAOJQHE>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
All major browser vendors have or will limit the use of third party cookies in their browsers in the near future. ingress-nginx uses cookies to support sticky sessions. This will become an issue in certain scenarios when ingres-nginx serves an endpoint that is a third party to a web application.
To prevent the use of third party cookies for tracking and still enable use cases like this, there is a W3C proposal that enables partitioning cookie data using the first party URL as additional key. (https://github.com/privacycg/CHIPS)
Chrome and Firefox will support CHIPS, while Safari is still undecided.
ingress-nginx should also support CHIPS by adding an attribute like
nginx.ingress.kubernetes.io/session-cookie-partitioned
so that users can opt-in to use partitioned cookie state.The text was updated successfully, but these errors were encountered: