Skip to content
Snippets Groups Projects
Select Git revision
1 result Searching

uffd-nginxauth

Forked from uffd / uffd-nginxauth
Source project has a limited visibility.
View merge request
Russ Garrett's avatar
Set session cookie to be `SameSite=Lax`
Russ Garrett authored 
This avoids a "enable cookies and refresh 2 times to continue" error
which can't be bypassed after clicking a link from a different site to
a site protected by uffd-nginxauth.

In order for a `SameSite=Strict` cookie to be sent, there needs to be at
least one *user* navigation on the site first (clicking an external link
to the site and receiving a redirect doesn't count).

From MDN:

> [SameSite=Strict] should be used when you have cookies relating to
> functionality that will *always be behind an initial navigation*,
> such as authentication or storing shopping cart information.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#controlling_third-party_cookies_with_samesite
df4ac048
History
Russ Garrett's avatar df4ac048
History
Name Last commit Last update

Impressum - Datenschutzerklärung