temporarily removes the SameSite=None suggestion box (#43524)

* temporarily removes the SameSite=None suggestion box * fix copy

temporarily removes the SameSite=None suggestion box (#43524)
fea8f89a · Nicolò Pretto · GitHub · ecad0c94 · fea8f89a · fea8f89a
Unverified Commit fea8f89a authored 9 months ago by Nicolò Pretto Committed by GitHub 9 months ago
--- a/enterprise/frontend/src/metabase-enterprise/embedding/components/EmbeddingAppSameSiteCookieDescription/EmbeddingAppSameSiteCookieDescription.tsx
+++ b/enterprise/frontend/src/metabase-enterprise/embedding/components/EmbeddingAppSameSiteCookieDescription/EmbeddingAppSameSiteCookieDescription.tsx
@@ -31,7 +31,7 @@ export const EmbeddingAppSameSiteCookieDescription = () => {
      {shouldDisplayNote && <AuthorizedOriginsNote />}
      {/* eslint-disable-next-line no-literal-metabase-strings -- Metabase settings */}
      <Text>{t`Determines whether or not cookies are allowed to be sent on cross-site requests. You’ll likely need to change this to None if your embedding application is hosted under a different domain than Metabase. Otherwise, leave it set to Lax, as it's more secure.`}</Text>
-      <Text>{jt`If you set this to None, you'll have to use HTTPS (unless you're just embedding locally), or browsers will reject the request. ${(
+      <Text>{jt`If you set this to None, you'll have to use HTTPS, or browsers will reject the request. ${(
        <ExternalLink key="learn-more" href={docsUrl}>
          {t`Learn more`}
        </ExternalLink>
@@ -59,6 +59,11 @@ function AuthorizedOriginsNote() {
 function authorizedOriginsContainsNonInstanceDomain(
  authorizedOriginsString: string,
 ): boolean {
+  // temporarily disabled because it suggest wrong SameSite value
+  // for local development, where the origin is localhost and when the protocol is not specified
+  // metabase#43523
+  return false;
+
  if (isEmpty(authorizedOriginsString)) {
    return false;
  }

--- a/frontend/src/metabase/admin/settings/app/components/SettingsEditor/tests/embedding.unit.spec.tsx
+++ b/frontend/src/metabase/admin/settings/app/components/SettingsEditor/tests/embedding.unit.spec.tsx
@@ -46,7 +46,8 @@ describe("SettingsEditor", () => {
    ).not.toBeInTheDocument();
  });

-  describe("SameSite cookie note check with authorized origins", () => {
+  // eslint-disable-next-line jest/no-disabled-tests -- disabled until metabase#43523
+  describe.skip("SameSite cookie note check with authorized origins", () => {
    it("should display a note if any authorized origins do not match the instance domain", async () => {
      await setupEmbedding({
        settings: [