docs: adding a line about CSRF cookie problems (#1843)
Issue I experienced today: running Hydra 1.4.10 in dangerous HTTP mode, the CSRF cookie defaulted to SameSite=None, but the cookie was not marked as secure (which makes sense, as Hydra is running over HTTP), so the cookie gets ignored (and I was getting "CSRF value not present" errors). I was able to get around it by either overriding the SameSite setting or by switching to TLS termination.
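The failure described in the commit message, as an added example that is not part of the commit or of Hydra's code: a small Go check that models the browser rule that a SameSite=None cookie must also carry Secure, and shows why both workarounds pass. The helper `checkSetCookie`, the cookie name and the header values are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/http"
)

// checkSetCookie (hypothetical helper) returns the reason a browser enforcing
// the SameSite rules would drop the cookie, or "" if it passes these checks.
func checkSetCookie(setCookie string, pageIsHTTPS bool) string {
	h := http.Header{}
	h.Add("Set-Cookie", setCookie)
	// Reuse the standard library's Set-Cookie parser.
	cookies := (&http.Response{Header: h}).Cookies()
	if len(cookies) != 1 {
		return "unparseable Set-Cookie header"
	}
	c := cookies[0]
	switch {
	case c.SameSite == http.SameSiteNoneMode && !c.Secure:
		// The case from the commit message: HTTP mode, so no Secure flag.
		return "rejected: SameSite=None without Secure"
	case c.Secure && !pageIsHTTPS:
		// Adding Secure alone does not help over plain HTTP
		// (some browsers exempt localhost; not modelled here).
		return "rejected: Secure cookie set over plain HTTP"
	}
	return ""
}

func main() {
	// Constructed sample headers, not captured from a real deployment.
	samples := []struct {
		header string
		https  bool
	}{
		{"csrf_example=abc; Path=/; HttpOnly; SameSite=None", false},        // HTTP mode default
		{"csrf_example=abc; Path=/; HttpOnly; SameSite=None; Secure", false}, // Secure over HTTP
		{"csrf_example=abc; Path=/; HttpOnly; SameSite=Lax", false},          // SameSite overridden
		{"csrf_example=abc; Path=/; HttpOnly; SameSite=None; Secure", true},  // TLS termination
	}
	for _, s := range samples {
		result := checkSetCookie(s.header, s.https)
		if result == "" {
			result = "accepted"
		}
		fmt.Printf("https=%-5v %-62s -> %s\n", s.https, s.header, result)
	}
}
```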