Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BGDIINF_SB-3115: Fixed IOS 16.6 403 Forbidden #59

Merged
merged 1 commit into from
Sep 14, 2023
Merged

BGDIINF_SB-3115: Fixed IOS 16.6 403 Forbidden #59

merged 1 commit into from
Sep 14, 2023

Conversation

ltshb
Copy link
Contributor

@ltshb ltshb commented Sep 14, 2023

Apparently IOS 16.6.1 (some other previous version might also be concerd) has
a bug and set Sec-Fetch-Site=cross-site even if the request is originated
(same origin and/or referrer) from the same site ! Therefore to avoid issue on
IOS we first checks the referrer before checking Sec-Fetch-Site even if this not
correct/safe (Referrer header is easily hacked, while Sec-Fetch-Site is always
overwritten by the browser).

Also clean up makefile, differentiating between make dev and make setup
doesn't make sense as we never install locally without the dev dependencies and
nowadays most of our services only have make setup with dev dependencies.

@ltshb
BGDIINF_SB-3115: Fixed IOS 16.6 403 Forbidden
bad3457 
Apparently IOS 16.6.1 (some other previous version might also be concerd) has
a bug and set Sec-Fetch-Site=cross-site even if the request is originated
(same origin and/or referrer) from the same site ! Therefore to avoid issue on
IOS we first checks the referrer before checking Sec-Fetch-Site even if this not
correct/safe (Referrer header is easily hacked, while Sec-Fetch-Site is always
overwritten by the browser).

Also clean up makefile, differentiating between `make dev` and `make setup`
doesn't make sense as we never install locally without the dev dependencies and
nowadays most of our services only have `make setup` with dev dependencies.
@github-actions github-actions bot added the bug label Sep 14, 2023
hansmannj
hansmannj approved these changes Sep 14, 2023
View reviewed changes
Copy link
Member

@hansmannj hansmannj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for fixing!
LGTM 👍

@ltshb ltshb merged commit b90be43 into develop Sep 14, 2023
2 checks passed
@ltshb ltshb deleted the bug-BGDIINF_SB-3115-403 branch September 14, 2023 09:21
@ltshb ltshb mentioned this pull request Aug 29, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hansmannj hansmannj hansmannj approved these changes

Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ltshb @hansmannj