Chrome Cross-Site Cookie
You might need to modify the code to include required headers.
which file of code should i modify?
i am not familiar with java yet so i need your suggest, please
And why traccar-server socket api using session instance of using basic authentication or token?
I'm facing the same problem, I'm not a java expert but I'm willing to modify the code if necessary, I just need some light in my path and if someone in this forum can tell which is the file that should be modified would be more than grateful
In the next release it will be possible to configure SameSite attribute like this:
<entry key='web.sameSiteCookie'>None</entry>@Anton that was we're looking for. that's cool. thanks to make it happend. I appreciate you and all contributors for their hard work.
FYI: just for now, to make it work with chrome, i have to disabled feature SameSite for default cookie on chrome://flags/#same-site-by-default-cookies. Cause it's needed only when i am working on local development env, so it's a just temporary solution for now.
Hi Anton,
Does SameSiteCookie attribute configured in version 4.11? Because I tried this attribute in default.xml, but JSESSIONID cookie still blocked by chrome, In Chrome, JSESSIONID is visible in issues tab under "affected resources", but unable to receive the said cookie in response header. I have also disabled SameSite for default cookie chrome feature but no results. Any suggestions please.
Hi,
I'm also having the same issue, and disabling SameSite for cookies doesn't work, neither does adding the <entry key='web.sameSiteCookie'>None</entry> into traccar.xml or default.xml. Can you please provide a clear guide on what to change in the code as to workaround this issue?
The problem is I'm running, in development, a different web-app serving my custom frontend which communicates with traccar's backend, both servers are on localhost, ports 5000 and 8082 respectively. The connection is over http. Setting SameSite=None on cookie doesn't work unless I also set the cookie to Secure, which isn't viable over a http connection, so the cookie is ultimately rejected.
I'm aware this issue will be solved in production but I need to test my app's functionalities locally, I can't find a solution thus far.
Can I solve this using some proxying for my app?
Any help would be appreciated, thanks.
Can't you have a local proxy? That's what we do for the modern app development setup.
I'm sorry I'm not really experienced in web/app development. Could you point me to a good resource?
A resource for configuring a local proxy I mean.
It will probably depend on the tooling that you use, but this is what we have for our local environment:
https://github.com/traccar/traccar-web/blob/master/modern/src/setupProxy.js
Hi, thanks for great app and community. I have some issues with cookie due chrome security update. Here the message look like on console devtools.
Due chrome show this cookie warning message, i think it traccar-server should have this configuration option for cross-site cookie. we are helpless using WebSocket API due cookie cross-site warning because traccar-server not send properly
set-cookieheader (without "SameSite"), so chrome default set them as "SameSite=Lax". So we need configuration options ontraccar.xmlto set this cookie options tonone, lax, or secure.I am working on
localhostand the traccar server running on VPS, so that's why chrome mark it as cross-site and i can't use websocket API. I call "api/session" first and then connect to websocket to make sure response headerset-sessionwork, it just work before chrome update their security. Now when i call websocket api we are missing session on request header so websocket immediatelyfinishedand returnfailed: Error during WebSocket handshake: Unexpected response code: 503. It's happend only when it's running on localhost, and work perfectly on production server with same-site IP/Domain.how do you think about this issues?