jquery.fileDownload icon indicating copy to clipboard operation
jquery.fileDownload copied to clipboard
verified publisher icon johnculviner

Changes to Chrome will break fileDownload soon.

Open arkytn opened this issue 6 years ago • 6 comments

The filedownload cookie needs to be modified to work with coming changes to Chrome.

A cookie associated with a resource at http://google.com/ was set with SameSite=None but without Secure. A future release of Chrome will only deliver cookies marked SameSite=None if they are also marked Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5633521622188032T

Just need to document the cookie format for this problem.

Set-Cookie: fileDownload=true; path=/ Secure SameSite=None

arkytn avatar Dec 21 '19 15:12 arkytn

Just to be clear @arkytn, do we just need to adjust the cookie to be fileDownload=true; path=/ Secure SameSite=None?

joshuapinter avatar Jan 30 '20 02:01 joshuapinter

Here's an example from code I got working and this suppressed Chrome's warnings.

Set-Cookie: fileDownload=true; path=/; SameSite=None; Secure

arkytn avatar Jan 30 '20 13:01 arkytn

Thanks @arkytn. Two questions for you:

  1. Do you happen to have a screenshot of the warning that Chrome provides? And What version of Chrome this starts appearing on?

  2. Does it prevent the file from downloading? And/or does it prevent the AJAX call from returning successfully?

We're tracking down an issue with a client and we're trying to see if this is the issue or if it's something else.

Thanks!

joshuapinter avatar Jan 30 '20 17:01 joshuapinter

No it doesn't stop the download. At this point it's a warning. Warning message in Console:

A cookie associated with a cross-site resource at http://cloudflare.com/ was set without the SameSite attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with SameSite=None and Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.

arkytn avatar Jan 30 '20 18:01 arkytn

Awesome, thanks for the clarification!

joshuapinter avatar Jan 30 '20 18:01 joshuapinter

In jquery.fileDownload.js, in function checkFileDownloadComplete(), the line var cookieData = settings.cookieName + "=; path=" + settings.cookiePath + "; expires=" + new Date(0).toUTCString() + ";";

needs to be var cookieData = settings.cookieName + "=; path=" + settings.cookiePath + "; expires=" + new Date(0).toUTCString() + "; secure=true;";

i.e. add secure=true; to remove the warning in Firefox:

Cookie “fileDownload” will be soon rejected because it has the “SameSite” attribute set to “None” or an invalid value, without the “secure” attribute. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite jquery.fileDownload.js:356:5

Also, perhaps the comment on the previous line, //remove cookie, could be more descriptive.

Darkicorn avatar Oct 27 '20 17:10 Darkicorn