From fea8f89a57ccf20afdd6ee4b20b8be6b9e111af2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicol=C3=B2=20Pretto?= <info@npretto.com>
Date: Tue, 4 Jun 2024 13:05:06 +0200
Subject: [PATCH] temporarily removes the SameSite=None suggestion box (#43524)

* temporarily removes the SameSite=None suggestion box

* fix copy
---
 .../EmbeddingAppSameSiteCookieDescription.tsx              | 7 ++++++-
 .../SettingsEditor/tests/embedding.unit.spec.tsx           | 3 ++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/enterprise/frontend/src/metabase-enterprise/embedding/components/EmbeddingAppSameSiteCookieDescription/EmbeddingAppSameSiteCookieDescription.tsx b/enterprise/frontend/src/metabase-enterprise/embedding/components/EmbeddingAppSameSiteCookieDescription/EmbeddingAppSameSiteCookieDescription.tsx
index f86690d2981..8b329d481be 100644
--- a/enterprise/frontend/src/metabase-enterprise/embedding/components/EmbeddingAppSameSiteCookieDescription/EmbeddingAppSameSiteCookieDescription.tsx
+++ b/enterprise/frontend/src/metabase-enterprise/embedding/components/EmbeddingAppSameSiteCookieDescription/EmbeddingAppSameSiteCookieDescription.tsx
@@ -31,7 +31,7 @@ export const EmbeddingAppSameSiteCookieDescription = () => {
       {shouldDisplayNote && <AuthorizedOriginsNote />}
       {/* eslint-disable-next-line no-literal-metabase-strings -- Metabase settings */}
       <Text>{t`Determines whether or not cookies are allowed to be sent on cross-site requests. You’ll likely need to change this to None if your embedding application is hosted under a different domain than Metabase. Otherwise, leave it set to Lax, as it's more secure.`}</Text>
-      <Text>{jt`If you set this to None, you'll have to use HTTPS (unless you're just embedding locally), or browsers will reject the request. ${(
+      <Text>{jt`If you set this to None, you'll have to use HTTPS, or browsers will reject the request. ${(
         <ExternalLink key="learn-more" href={docsUrl}>
           {t`Learn more`}
         </ExternalLink>
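Review bot: The reworded sentence on the added `<Text>` line still says browsers will "reject the request", but what browsers refuse is a `SameSite=None` cookie that is not also marked `Secure`. The request itself still goes out, just without the session cookie, so an admin would most likely see an embed that never stays logged in rather than a failed request. Since this string is being edited anyway, consider `If you set this to None, you'll have to use HTTPS, or browsers will reject the cookie.` The surrounding JSX element continues past the end of this hunk.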
@@ -59,6 +59,11 @@ function AuthorizedOriginsNote() {
 function authorizedOriginsContainsNonInstanceDomain(
   authorizedOriginsString: string,
 ): boolean {
+  // temporarily disabled because it suggest wrong SameSite value
+  // for local development, where the origin is localhost and when the protocol is not specified
+  // metabase#43523
+  return false;
+
   if (isEmpty(authorizedOriginsString)) {
     return false;
   }
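Review bot: The unconditional `return false;` at the top of `authorizedOriginsContainsNonInstanceDomain` makes the rest of the body unreachable and leaves `authorizedOriginsString` unused. An unreachable-code lint or compiler setting may flag this, and the dead logic is easy to forget. Disabling the note where the result is consumed would keep this function callable and testable; that is presumably the `shouldDisplayNote` value seen in the first hunk, whose definition is outside this diff. The comment would also be easier to find later as `// TODO(metabase#43523): temporarily disabled because it suggests the wrong SameSite value for local development (localhost origins, or origins with no protocol)`. The function body continues outside the hunk.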
diff --git a/frontend/src/metabase/admin/settings/app/components/SettingsEditor/tests/embedding.unit.spec.tsx b/frontend/src/metabase/admin/settings/app/components/SettingsEditor/tests/embedding.unit.spec.tsx
index 564a191ba8b..3a9c993a2fd 100644
--- a/frontend/src/metabase/admin/settings/app/components/SettingsEditor/tests/embedding.unit.spec.tsx
+++ b/frontend/src/metabase/admin/settings/app/components/SettingsEditor/tests/embedding.unit.spec.tsx
@@ -46,7 +46,8 @@ describe("SettingsEditor", () => {
     ).not.toBeInTheDocument();
   });
 
-  describe("SameSite cookie note check with authorized origins", () => {
+  // eslint-disable-next-line jest/no-disabled-tests -- disabled until metabase#43523
+  describe.skip("SameSite cookie note check with authorized origins", () => {
     it("should display a note if any authorized origins do not match the instance domain", async () => {
       await setupEmbedding({
         settings: [
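Review bot: `describe.skip` on the "SameSite cookie note check with authorized origins" suite removes every assertion about the note, so nothing pins the temporary behaviour this commit introduces. Consider adding one active test next to the skipped suite that sets a non-matching authorized origin and asserts the note is not in the document. Re-enabling the suggestion would then show up as a deliberate test change rather than a silent one. It would also help if the eslint-disable comment said which condition in metabase#43523 must be resolved before the suite is un-skipped. The `describe` body continues outside the hunk.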
-- 
GitLab