Skip to content

fix: use SameSite=None for embed cookie#743

Merged
mcdurdin merged 1 commit into
stagingfrom
fix/15957-embed-query
May 18, 2026
Merged

fix: use SameSite=None for embed cookie#743
mcdurdin merged 1 commit into
stagingfrom
fix/15957-embed-query

Conversation

@mcdurdin
Copy link
Copy Markdown
Member

@mcdurdin mcdurdin commented May 18, 2026

In order for the cookie to be set on Keyman for Windows embed keyboard search, we need SameSite=None, because otherwise Chromium will block it as a cross-site cookie, due to the the embed being in an iframe.

Relates-to: keymanapp/keyman#15957
Test-bot: skip

@mcdurdin
fix: use SameSite=None for embed cookie
b427326 
In order for the cookie to be set on Keyman for Windows embed keyboard
search, we need SameSite=None, because otherwise Chromium will block
it as a cross-site cookie, due to the the embed being in an iframe.

Relates-to: keymanapp/keyman#15957
Test-bot: skip
@keymanapp-test-bot
Copy link
Copy Markdown

keymanapp-test-bot Bot commented May 18, 2026

User Test Results

Test specification and instructions

User tests are not required

@mcdurdin mcdurdin requested a review from darcywong00 May 18, 2026 11:10
@github-project-automation github-project-automation Bot moved this to Todo in Keyman May 18, 2026
@github-actions github-actions Bot added the fix label May 18, 2026
@keymanapp-test-bot keymanapp-test-bot Bot added this to the A19S29 milestone May 18, 2026
@mcdurdin mcdurdin mentioned this pull request May 18, 2026
Closed
darcywong00
darcywong00 reviewed May 18, 2026
View reviewed changes
Comment thread _content/keyboards/session.php
//
// Note: 'SameSite=None; secure' is required for embedding in Keyman
// Configuration for Windows because that uses an iframe to embed the search
setcookie('embed_keyboards_no_locale_redirect', '1', ["secure" => true, "samesite" => 'None', 'path' => '/']);
Copy link
Copy Markdown
Contributor

@darcywong00 darcywong00 May 18, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ah, this uses a different casing from ll 3-4?

session_set_cookie_params(["SameSite" => "None"]);   // Allow use in iframe, needed for Download Keyboards dialog
    session_set_cookie_params(["Secure" => "true"]);     // None requires Secure to be set

Copy link
Copy Markdown
Member Author

@mcdurdin mcdurdin May 18, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah seems slightly different, but PHP appears not to care.

darcywong00
darcywong00 approved these changes May 18, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@darcywong00 darcywong00 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@mcdurdin mcdurdin merged commit 6040ea0 into staging May 18, 2026
6 checks passed
@mcdurdin mcdurdin deleted the fix/15957-embed-query branch May 18, 2026 13:38
@github-project-automation github-project-automation Bot moved this from Todo to Done in Keyman May 18, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@darcywong00 darcywong00 darcywong00 approved these changes

Assignees

No one assigned

Labels

fix

Projects

Keyman
Status: Done

Milestone

A19S29

Development

Successfully merging this pull request may close these issues.

3 participants

@mcdurdin @darcywong00 @keyman-status