- Đã lưu trữ
Firefox claims SameSite is set to Lax, while set-cookie contains SameSite=None and Secure
Our backend sets a cookie for maintaining login sessions with SameSite=None and Secure (to support loading our front-end from localhost for developers and from a third pa… (xem thêm)
Our backend sets a cookie for maintaining login sessions with SameSite=None and Secure (to support loading our front-end from localhost for developers and from a third party domain for PR previews).
This is the respose header:
set-cookie: ESESSIONID=<redacted>; Secure; HttpOnly; Path=/; SameSite=None; Max-Age=86399
However, Firefox does not send the cookie back with requests, but logs this error in the console:
Cookie “ESESSIONID” has been rejected because it is in a cross-site context and its “SameSite” is “Lax” or “Strict”.
We have worked around the issue by configuring exceptions in the Security & Privacy settings, but I am curious to why Firefox rejects the cookie with this error message.