CORS_ALLOW_CREDENTIALS documentation should include a note about cookie samesite settings
See original GitHub issueCORS_ALLOW_CREDENTIALS
allows cookies to be sent in cross-domain responses, but the default settings on SESSION_COOKIE_SAMESITE
is "Lax"
instead of None
, meaning the cookie won’t get sent anyway. It isn’t required, since there might be other cookies you want to send, but a note would be nice.
Issue Analytics
- State:
- Created 5 years ago
- Reactions:3
- Comments:6 (4 by maintainers)
Top Results From Across the Web
CORS_ALLOW_CREDENTIALS documentation ... - GitHub
CORS_ALLOW_CREDENTIALS allows cookies to be sent in cross-domain responses, ... should include a note about cookie samesite settings #344.
Read more >SameSite cookies - HTTP - MDN Web Docs
The SameSite attribute of the Set-Cookie HTTP response header allows you to declare if your cookie should be restricted to a first-party or ......
Read more >SameSite cookies explained - web.dev
Learn how to mark your cookies for first-party and third-party usage with the SameSite attribute. You can enhance your site's security by ...
Read more >Work with SameSite cookies in ASP.NET Core | Microsoft Learn
Setting the SameSite property to Strict , Lax , or None results in those values being written on the network with the cookie....
Read more >Get Ready for New SameSite=None; Secure Cookie Settings
With Chrome 80 in February, Chrome will treat cookies that have no declared SameSite value as SameSite=Lax cookies. Only cookies with the SameSite=None...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
@jonathan-golorry Thank you for your comment. I have spent almost 1 day trying to find where the trouble is.
Indeed it should not!