Can't log in when forum is shown in an iframe

Lukeman

My forum is (sometimes) shown in an iframe, since updating to 14.1 it's not possible anymore to log in.
Otherwise there is no problem.
In the console I notice this failure:
Cookie ‘flarum_session’ is afgewezen, omdat deze zich in een cross-site-context bevindt en de ‘SameSite’ ‘Lax’ of ‘Strict’ is.

clarkwinkelmann

Up to Flarum beta 13, Flarum was not setting the SameSite attribute on cookies. This means different browers might have read them as either None or Lax.

Since beta 14, Flarum sets SameSite=Lax by default.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite

You can change the SameSite value by editing config.php, for example:

<?php return array (
  'debug' => false,
  'database' => 
  array (
    /* existing stuff */
  ),
  'url' => 'https://example.com',
  'paths' => 
  array (
    /* existing stuff */
  ),
  'cookie' => [
    'samesite' => 'none', // `strict` / `none`, defaults to `lax`
  ],
);

Lukeman

clarkwinkelmann Thanks Clark, I will make the adjustments as you described.