Users cannot log in - CSRF cookie not set

There is a new Google Chrome update that is rejecting cookies with the following message:

This Set-Cookie was blocked because it had the “SameSite=None” attribute but did not have the “Secure” attribute, which is required in order to use “SameSite=None”.

You can see further information here: https://discuss.openedx.org/t/lti-xblock-and-samesite/759/15

Pull requests were referenced there.

In the meantime, I fixed the problem by adding:

DCS_SESSION_COOKIE_SAMESITE = 'Lax'

In env/apps/openedx/settings/lms/production.py and env/apps/openedx/settings/cms/production.py

Hi @juansele,

Thank you so much for the tip. Should I be able to make a similar change to https://github.com/edx/edx-platform/pull/24593/files? We’re using our forked version of edx-platform. I’m just wondering what exact env file to use. Is it devstack.py or other file?

Hi @juansele

Thanks for the hint. I just want to make sure that the lines to add are:

# django-session-cookie middleware
DCS_SESSION_COOKIE_SAMESITE = 'Lax'

Shouldn’t Lax be in double quotes, like this: “Lax”?
Did you have to rebuild the Docker image, or just run “tutor local quickstart”?

Thanks

Hello @nachham,
Editing those files is not the tutor way to go. So I’ve created a plugin so the change persists between rebuilds.

To install/use it please follow:

tutor plugins install https://gist.githubusercontent.com/juansele/23540d016918d31755b05ccf1bdd4afc/raw/4ce2ab173e7f8bbbbce12acd178c32d6f48c5c44/tempchromecsrffix.yml
tutor plugins enable tempchromecsrffix
tutor config save
tutor local reboot

Just for the sake of clarity, in case you want to make the edits manually:

  • It is a Python file, so you can use either single or double quotes.
  • We are editing files within a “docker volume”, so all you need to do is tutor local restart cms. However, those files are dynamically generated and overwritten when you do a tutor config save (which tutor local quickstart performs).

Hello @tuananh-pham,
I am not sure which one you should edit for a non-tutor installation. In the forum I linked they do edit devstack.py indeed.

Thanks @juansele
Cheers

Hi. We are using tutor k8s deployment, with custom edx-platform fork. Should we change the devstack.py file?

I suggest you use the plugin. Let me know if it works
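
To confirm that a fix like the ones in this thread took effect, the Chrome rule quoted in the first post can be checked against the Set-Cookie headers a site returns. This is an added example, not part of any post in the thread and not Open edX or Tutor code; the function names and the sample header values are constructed for illustration.

```python
# Added example: flag Set-Cookie headers that Chrome blocks because they carry
# SameSite=None without Secure. Sample headers below are constructed input.


def parse_set_cookie(header):
    """Split one Set-Cookie value into (cookie name, {lowercased attr: value})."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue  # tolerate a trailing ";"
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()  # attribute names are case-insensitive
    return name, attrs


def blocked_by_chrome(header):
    """True when the cookie has SameSite=None but lacks the Secure attribute."""
    _, attrs = parse_set_cookie(header)
    return attrs.get("samesite", "").lower() == "none" and "secure" not in attrs


def audit(headers):
    """Return the names of cookies that would be rejected under this rule."""
    return [parse_set_cookie(h)[0] for h in headers if blocked_by_chrome(h)]


# Constructed sample headers (not captured from a real deployment).
SAMPLE_HEADERS = [
    "csrftoken=abc123; Path=/; SameSite=None",                 # blocked
    "sessionid=xyz789; Path=/; HttpOnly; SameSite=Lax",        # accepted
    "prefs=dark; Path=/; Secure; SameSite=None",               # accepted
    "lang=en; Expires=Wed, 21 Oct 2026 07:28:00 GMT; Path=/",  # no SameSite set
]

if __name__ == "__main__":
    for cookie in audit(SAMPLE_HEADERS):
        print(f"{cookie}: SameSite=None without Secure, Chrome will block it")
```

The header values can be copied from the browser's network panel or from the output of `curl -sI` against the login page.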