OpenConext / Stepup-AzureMFA

GSSP IdP for Stepup Authentication using Azure MFA
Apache License 2.0

Disable SameSite setting for session cookies #22

Closed MKodde closed 4 years ago

MKodde commented 4 years ago

The PHP session cookie should not have the samesite `lax` or `strict` setting, as this would prevent the session cookie from being present when the remote Azure MFA IdP sends back a SAML response.

So it is set to the for now advisable 'none' setting. Combined with the secure setting, this will be accepted by modern browsers.

See: https://www.pivotaltracker.com/story/show/171721565 symfony/symfony#31475
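The comment above describes a browser rule rather than application logic, so the following added example (not code from Stepup-AzureMFA, and not PHP) models how a browser decides whether to attach a session cookie to a request given its SameSite and Secure attributes, and then applies that decision to the step that matters here: the remote IdP returning the SAML response to the GSSP with a cross-site, top-level HTTP POST. The hostnames `gssp.example` and `azure-idp.example` and the request sequence are constructed placeholders.

```python
"""
Model of the SameSite / Secure cookie decision a browser makes, applied to
the SAML HTTP-POST binding used to return a response to the GSSP.
Added illustration; not part of Stepup-AzureMFA. Hostnames are constructed.
"""
from dataclasses import dataclass

# Methods that SameSite=Lax still allows on cross-site top-level navigations.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}


@dataclass(frozen=True)
class Cookie:
    """The two attributes of the PHP session cookie that drive the decision."""
    samesite: str  # "Strict", "Lax" or "None"
    secure: bool


@dataclass(frozen=True)
class Request:
    """A request as the browser sees it when choosing which cookies to send."""
    method: str
    target_site: str     # site (registrable domain) of the request URL
    initiator_site: str  # site of the document that caused the request
    top_level: bool      # top-level navigation (form POST, redirect, link)
    https: bool


def cookie_accepted(cookie: Cookie) -> bool:
    """Modern browsers refuse to store SameSite=None cookies lacking Secure."""
    return not (cookie.samesite == "None" and not cookie.secure)


def cookie_sent(cookie: Cookie, req: Request) -> bool:
    """Return True if the browser attaches `cookie` to `req`."""
    if not cookie_accepted(cookie):
        return False          # never stored, so never sent
    if cookie.secure and not req.https:
        return False          # Secure cookies only travel over HTTPS
    same_site = req.initiator_site == req.target_site
    if cookie.samesite == "Strict":
        return same_site
    if cookie.samesite == "Lax":
        return same_site or (req.top_level and req.method in SAFE_METHODS)
    if cookie.samesite == "None":
        return True
    raise ValueError(f"unknown SameSite value {cookie.samesite!r}")


# Constructed sites: the GSSP (this project) and the remote Azure MFA IdP.
GSSP_SITE = "gssp.example"
AZURE_SITE = "azure-idp.example"

# The critical request: the IdP's page auto-submits the SAML response to the
# GSSP's ACS endpoint. It is cross-site, top-level and a POST.
SAML_RESPONSE = Request("POST", GSSP_SITE, AZURE_SITE, top_level=True, https=True)


def session_survives_saml_response(cookie: Cookie) -> bool:
    """True if the GSSP still receives its session cookie on the SAML response."""
    return cookie_sent(cookie, SAML_RESPONSE)


def compare_settings() -> dict:
    """Evaluate the candidate session-cookie settings against the SAML POST."""
    candidates = {
        "strict+secure": Cookie("Strict", True),
        "lax+secure": Cookie("Lax", True),
        "none+secure": Cookie("None", True),
        "none (no secure)": Cookie("None", False),
    }
    return {name: session_survives_saml_response(c) for name, c in candidates.items()}


if __name__ == "__main__":
    for name, present in compare_settings().items():
        print(f"{name:18} session cookie present on SAML response: {present}")
```

Only `none+secure` keeps the session across the returned SAML response; `lax` and `strict` drop it on the cross-site POST, and `none` without `secure` is rejected by current browsers at set time. Note that Chromium's temporary "Lax+POST" allowance applies only to cookies that carry no SameSite attribute at all, not to cookies explicitly set to `lax`, so an explicit `none` is the dependable choice. Because `none` gives up the SameSite defence against cross-site requests, the endpoint receiving the response has to rely on the SAML layer's own checks (signature verification and matching the response to an outstanding request) for its protection.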

MKodde commented 4 years ago

The build is breaking because of 'some' JS dependencies with security issues. This is addressed in #23