As web programmers, we cannot be separated from the Web Browser. Without a Web Browser the application that we developed would be impossible for the user to use. Unfortunately, we cannot control the Web Browser type and Web Browser version that used by our client. If the version of the Web Browser is outdated, of course, it can cause our application to run improperly. Sometimes the newest versions of Web Browser also can cause a problem. At least I have had 3 unpleasant experiences regarding the latest version of Web Browser which make the application that I developed not running properly.
The first experience was when the application that we (my workplace) developed suddenly could not print directly from the web to the printer, whereas previously it was just fine. Apparently, because at that time the library that we were using was still using a java applet, while the latest version of the Web Browser that used by the user at that time rejected the java applet because it was considered insecure. Fortunately, the library creator was quite responsive and immediately created a version that no longer uses a java applet.
The second experience was when we (my workplace) have to connect the application that we developed to a hardware device. To get the data from that hardware, we have to do an ajax request to a built-in hardware application that is installed on the user’s computer. So we have to send an ajax request to localhost. Initially, the application that we developed ran smoothly, but after a few months, the Web Browser that is used by the user performs automatic updates to the latest version. Unfortunately the latest version of the Web Browser refuses connection to localhost if there is no Access-Control-Allow-Origin: * in the response header. We have tried to contact the hardware supplier to add the code above, so that there is no CORS error again. Unfortunately, our request was denied. Luckily there are several add-ons that can solve this problem.
The third experience, which I just experienced, was when we developed an odoo addon for accept payment in e-commerce. When a user places an order in e-commerce, and when he/she makes a payment, he/she will be directed to the payment gateway website. After he/she completes the payment on the payment gateway website, he/she will be redirected to the e-commerce website again. Initially, this process went well and has been implemented on the client’s server for several months.
But after the latest update on the Web Browser, when the user from the payment gateway was redirected to the e-commerce website again, suddenly he was logged out. So he couldn’t see his order. Force him to log in again, and this is inconvenient.
After I researched it, it turned out that when the user from the payment gateway website was redirected to the e-commerce website again, the cookies stored in the Web Broser were replaced, so odoo considered him still not logged in. After surfing on various forums, it turns out that this is experienced by many users, not only odoo users but also other application/framework users. So this is not a bug in odoo or in the addons that we developed.
Then, is there a solution to solve this problem ?
To solve this problem we have to add some configuration to cookies. We can add it in odoo directly or in a web server (Nginx/Apache). I chose to add this configuration to the web server according to the suggestions of several users on several forums. Because I use Nginx I have to add code like this in the Nginx configuration.
proxy_cookie_path / "/; SameSite=None; HTTPOnly; Secure";
Restart the Nginx service. Then open the application in a Web Browser. In the developer tools at the Response Header section, make sure the added configuration is visible, like in the image below.
Important!!! Use HTTPS
Next, make sure to use https. Because even though the cookies configuration has been added, if the application that we develop is opened not from https the cookies configuration will be rejected by the Web Browser, like the image below.
I hope this article is useful for you.