Revert "Fix CAS Login for local development" (#3949)

* Revert "Fix CAS Login for local development" * Remove cookie sameSite strict Co-authored-by: Jane Sandberg <[email protected]> Co-authored-by: Kevin Reiss <[email protected]> --------- Co-authored-by: Jane Sandberg <[email protected]> Co-authored-by: Kevin Reiss <[email protected]>
pulibrary · Jan 24, 2024 · 18fd19c · 18fd19c
1 parent 40372d6
commit 18fd19c
Show file tree

Hide file tree

Showing 2 changed files with 0 additions and 10 deletions.
diff --git a/config/initializers/cookies_serializer.rb b/config/initializers/cookies_serializer.rb
@@ -3,9 +3,3 @@
 # Be sure to restart your server when you modify this file.
 
 Rails.application.config.action_dispatch.cookies_serializer = :json
-
-# Strict Same Site Protection protects users from CSRF attacks from non-Princeton
-# domains.  However, when running orangelight on localhost, the CAS login page is
-# on a different domain from orangelight (localhost vs. *.princeton.edu), so
-# we exclude the dev environment from these protections so they can use CAS locally.
-Rails.application.config.action_dispatch.cookies_same_site_protection = :strict unless Rails.env.development?
diff --git a/spec/requests/cookies_spec.rb b/spec/requests/cookies_spec.rb
@@ -1,10 +1,6 @@
 # frozen_string_literal: true
 require 'rails_helper'
 RSpec.describe 'Cookies' do
-  it 'sets SameSite=strict' do
-    get '/'
-    expect(response.headers['Set-Cookie']).to include('SameSite=Strict')
-  end
   it 'sets HttpOnly' do
     get '/'
     expect(response.headers['Set-Cookie']).to include('HttpOnly')