Set session cookie to be `SameSite=Lax`
This avoids a "enable cookies and refresh 2 times to continue" error which can't be bypassed after clicking a link from a different site to a site protected by uffd-nginxauth.
In order for a SameSite=Strict
cookie to be sent, there needs to be at
least one user navigation on the site first (clicking an external link
to the site and receiving a redirect doesn't count).
From MDN:
[SameSite=Strict] should be used when you have cookies relating to functionality that will always be behind an initial navigation, such as authentication or storing shopping cart information.
Merge request reports
Activity
Please register or sign in to reply