Session Cookie settings samesite none


spiroue

Hi,

I have clients using a ProcessWire site from within other applications (e.g. browsers in those apps). Previously the site was locked down on IP ranges and login was not required. Now that has changed and login is required. One of the clients now gets a 500 Internal Server Error when trying to log in. I think it is related to the session cookies. This is what I've tried:

In httpd.conf:
Header always set Content-Security-Policy "frame-ancestors 'self' client1.domain.com client2.domain.com";
I can also see that this is set by looking at the headers.

Then I'm trying to set SameSite=None, which I can't get working. I've tried:

In .htaccess:
Header edit Set-Cookie ^(.*)$ $1;Secure;SameSite=None

In site/config.php:
ini_set('session.cookie_samesite', 'None');

and...

$config->cookieOptions = [
  'secure' => true,
  'samesite' => 'None',
];

But the cookies still look like this:
[two screenshots of the cookie details; images not available]

Does anyone have an idea why the cookie options seem to be the same, no matter how I configure the above?
And do you believe I'm on the right path to solving the issue, or can it be something else?

Running an old ProcessWire 3.0.123-0

Thanks
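
One way to check which attributes the server actually sends, as an added example that is not part of the original post: it audits Set-Cookie values for what a cookie needs inside a third-party frame, and flags the case where two layers both write SameSite. The cookie name `sess` and the header strings are constructed samples; the second sample is what the .htaccess rule above would yield when appended to a cookie that already carries SameSite=Lax.

```python
# Added example: audit Set-Cookie values for use inside a third-party frame.
# The header strings are constructed samples, not the poster's server output.

def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, [(attr, value), ...])."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0]
    attrs = []
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs.append((key.strip().lower(), val.strip()))
    return name, attrs


def audit_set_cookie(value):
    """Return (name, findings); an empty list means SameSite=None plus Secure."""
    name, attrs = parse_set_cookie(value)
    samesite = [v for k, v in attrs if k == "samesite"]
    secure = any(k == "secure" for k, _ in attrs)
    findings = []
    if not samesite:
        findings.append("no SameSite attribute")
        return name, findings
    if len(samesite) > 1:
        # Two layers (e.g. PHP and an Apache Header rule) both wrote the attribute.
        findings.append("SameSite set more than once: " + ", ".join(samesite))
    effective = samesite[-1]  # RFC 6265bis: the last occurrence wins
    if effective.lower() != "none":
        findings.append("effective SameSite is " + effective)
    elif not secure:
        findings.append("SameSite=None without Secure")
    return name, findings


SAMPLES = [
    "sess=abc123; path=/; HttpOnly",
    "sess=abc123; path=/; HttpOnly; SameSite=Lax;Secure;SameSite=None",
    "sess=abc123; path=/; HttpOnly; SameSite=None",
    "sess=abc123; path=/; HttpOnly;Secure;SameSite=None",
]

if __name__ == "__main__":
    for header in SAMPLES:
        name, findings = audit_set_cookie(header)
        print(name, "->", findings or "ok for cross-site framing")
```

Paste the Set-Cookie values from the login response headers in place of the samples to see which layer's setting reaches the client.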
