Commit

Set samesite cookie value to none
As requested by Bart (excuse my Dutch)

Incoming SAML assertions always count as cross-site POSTs, and those are
blocked unless you explicitly set SameSite=none.

Our load balancer does rewrite cookies, but only if they do not set
samesite themselves
MKodde committed Jan 24, 2024
1 parent c69fe9e commit 1e55b77
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion config/packages/framework.yaml
Expand Up @@ -16,7 +16,7 @@ framework:
name: sess_selfservice
cookie_httponly: true
cookie_secure: true
cookie_samesite: lax
cookie_samesite: none

fragments: false
error_controller: Surfnet\StepupSelfService\SelfServiceBundle\Controller\ExceptionController::show
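
Review bot: `cookie_samesite: none` on the `sess_selfservice` session cookie applies to every request, not only to the incoming SAML POST, so the browser now attaches the session to any cross-site request and the cross-site POST protection that `lax` provided is gone. Please confirm that every state-changing route is covered by a CSRF token, and add a YAML comment on this line recording why `none` is required (the SAML assertion arrives as a cross-site POST) so it is not switched back to `lax` later. `cookie_secure: true` two lines up has to stay as it is, since browsers reject SameSite=None cookies that lack the Secure attribute.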
