When is the new default value (On/Strict) for OIDCCookieSameSite useful and applicable? #1155
-
Hi,

Is it correct that the new default value would only be useful/working for in-house hosted IDP (relays) using the same domain? Any advice for proper configuration would be greatly appreciated!

Error message after logging in to IDP successfully and being redirected to "/redirect_uri":

Logs (indicating that state cookie is missing):
Replies: 2 comments 4 replies
-
This is not so much about the state cookie - which would have
-
I'm simply accessing (for testing):
Oops, should've replied here instead of adding a separate comment, I guess.
I've made progress: I'm using OIDCResponseMode "form_post" and I believe this doesn't work well with "Lax" cookies if initiated cross-site, right?
Changing it to "query" solved it, I believe.
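
The browser rule behind the last comment, as an added example that is not part of the original thread and is not mod_auth_openidc code: a simplified JavaScript model of whether a cookie accompanies the authorization response back to the redirect URI, per response mode and SameSite value. The hostnames are constructed, and "same site" is reduced to comparing the last two host labels instead of using the Public Suffix List.

```javascript
// Added illustration (not from the thread or from mod_auth_openidc): a simplified
// model of the browser's SameSite rule for the authorization response that
// returns to the redirect URI. All hostnames are constructed.

// Simplification: "site" = last two host labels. Browsers use the Public Suffix List.
function site(host) {
  return host.toLowerCase().split('.').slice(-2).join('.');
}

// Is a cookie with this SameSite value attached to a top-level navigation that a
// page on initiatorHost triggers towards targetHost?
function cookieSent(sameSite, method, initiatorHost, targetHost) {
  if (site(initiatorHost) === site(targetHost)) return true; // same-site request
  switch (sameSite) {
    case 'None':   return true;   // cross-site allowed (browsers also require Secure)
    case 'Lax':    return ['GET', 'HEAD', 'OPTIONS', 'TRACE'].includes(method); // safe methods only
    case 'Strict': return false;  // never on a cross-site request
    default: throw new Error(`unknown SameSite value: ${sameSite}`);
  }
}

// HTTP method with which each response mode reaches the redirect URI.
const RESPONSE_MODE_METHOD = { query: 'GET', form_post: 'POST' };

function stateCookieArrives(responseMode, sameSite, idpHost, rpHost) {
  const method = RESPONSE_MODE_METHOD[responseMode];
  if (!method) throw new Error(`unknown response mode: ${responseMode}`);
  return cookieSent(sameSite, method, idpHost, rpHost);
}

// Every response mode / SameSite combination for one IdP and relying party pair.
function matrix(idpHost, rpHost) {
  const rows = [];
  for (const mode of Object.keys(RESPONSE_MODE_METHOD)) {
    for (const sameSite of ['Strict', 'Lax', 'None']) {
      rows.push({ mode, sameSite, arrives: stateCookieArrives(mode, sameSite, idpHost, rpHost) });
    }
  }
  return rows;
}

console.table(matrix('login.idp.example', 'app.rp.example'));  // cross-site IdP
console.table(matrix('idp.corp.example', 'app.corp.example')); // IdP on the same site
```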