Veriteworks / CookieFix

Fix Magento2.2/2.3/2.4 Cookie SameSite attribute
Academic Free License v3.0

Can't configure to "None" #22

Closed ifew closed 3 years ago

ifew commented 3 years ago

After installing the module (manually) and configuring cookie SameSite to "None", on the frontend I got the error message "Cookie must be secure in order to use the SameSite None directive."

and then I commented out lines in 2 files

  1. comment out lines 82-86 in /vendor/magento/framework/Stdlib/Cookie/PublicCookieMetadata.php

     ```php
     public function setSecure($secure)
     {
         // if (!$secure && $this->get(self::KEY_SAME_SITE) === 'None') {
         //     throw new \InvalidArgumentException(
         //         'Cookie must be secure in order to use the SameSite None directive.'
         //     );
         // }
         return $this->set(self::KEY_SECURE, $secure);
     }
     ```

  2. comment out lines 164-168 in /vendor/magento/framework/Stdlib/Cookie/CookieMetadata.php

     ```php
     public function setSameSite(string $sameSite): CookieMetadata
     {
         if (!array_key_exists(strtolower($sameSite), self::SAME_SITE_ALLOWED_VALUES)) {
             throw new \InvalidArgumentException(
                 'Invalid argument provided for SameSite directive expected one of: Strict, Lax or None'
             );
         }
         // if (!$this->getSecure() && strtolower($sameSite) === 'none') {
         //     throw new \InvalidArgumentException(
         //         'Cookie must be secure in order to use the SameSite None directive.'
         //     );
         // }
         $sameSite = self::SAME_SITE_ALLOWED_VALUES[strtolower($sameSite)];
         return $this->set(self::KEY_SAME_SITE, $sameSite);
     }
     ```

and it works!!

I know it's not good practice, but can I work around it with this solution? Or do you have another good idea to share?

HirokazuNishi commented 3 years ago

@ifew Well... Is your environment running under HTTPS? As your browser said, SameSite=None must be used with HTTPS (and the secure flag).
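The two guards the issue author commented out, kept intact in a stand-alone PHP stand-in for Magento's cookie metadata class (an added example, not code from the CookieFix module or from Magento; the class name `CookieMetadataExample` and its array-backed storage are invented for illustration). It shows what the guard in `setSameSite` actually requires: the Secure flag must already be true at the moment SameSite=None is applied, so the remedy is to get the cookie marked Secure (and set in that order), not to remove a rule the browser enforces anyway.

```php
<?php
// Added example, not code from the CookieFix module or from Magento: a
// stand-in for the framework's CookieMetadata that keeps both guards intact.
declare(strict_types=1);

final class CookieMetadataExample
{
    private const SAME_SITE_ALLOWED_VALUES = ['strict' => 'Strict', 'lax' => 'Lax', 'none' => 'None'];
    private array $metadata = [];

    public function getSecure(): bool
    {
        return $this->metadata['secure'] ?? false;
    }

    public function setSecure(bool $secure): self
    {
        // Guard 1 (PublicCookieMetadata::setSecure): cannot drop Secure while SameSite=None is set.
        if (!$secure && ($this->metadata['samesite'] ?? null) === 'None') {
            throw new \InvalidArgumentException('Cookie must be secure in order to use the SameSite None directive.');
        }
        $this->metadata['secure'] = $secure;
        return $this;
    }

    public function setSameSite(string $sameSite): self
    {
        $key = strtolower($sameSite);
        if (!array_key_exists($key, self::SAME_SITE_ALLOWED_VALUES)) {
            throw new \InvalidArgumentException('Invalid argument provided for SameSite directive expected one of: Strict, Lax or None');
        }
        // Guard 2 (CookieMetadata::setSameSite): reads the Secure flag as it is *right now*.
        if (!$this->getSecure() && $key === 'none') {
            throw new \InvalidArgumentException('Cookie must be secure in order to use the SameSite None directive.');
        }
        $this->metadata['samesite'] = self::SAME_SITE_ALLOWED_VALUES[$key];
        return $this;
    }
}

// Secure set first, then SameSite=None: both guards pass, which is the intended HTTPS setup.
(new CookieMetadataExample())->setSecure(true)->setSameSite('None');
echo "Secure before SameSite=None: accepted", PHP_EOL;
// SameSite=None applied while Secure is still false (never set, or set afterwards): guard 2
// throws the exact message from the issue, even though the final cookie would have been Secure.
try {
    (new CookieMetadataExample())->setSameSite('None')->setSecure(true);
} catch (\InvalidArgumentException $e) {
    echo "SameSite=None before Secure: ", $e->getMessage(), PHP_EOL;
}
```

Which caller leaves Secure false at that moment on the author's proxied setup is not something this thread shows; the point is that the reported error is what guard 2 raises whenever Secure is false when SameSite=None is applied.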

ifew commented 3 years ago

> @ifew Well... Is your environment running under HTTPS? As your browser said, SameSite=None must be used with HTTPS (and the secure flag).

Yes, my website is running on HTTPS.

HirokazuNishi commented 3 years ago

@ifew could you share your Magento version with me, and which version of our extension you installed?

ifew commented 3 years ago

@HirokazuNishi I use Magento 2.4.1 and the extension's latest version on your master branch.

HirokazuNishi commented 3 years ago

@ifew I couldn't reproduce it. Could you share your browser's cookie status with me? You can check it from developer tools > Application.

ifew commented 3 years ago

@HirokazuNishi If I don't skip the checks in PublicCookieMetadata.php and CookieMetadata.php, I get PHPSESSID with "HttpOnly, Secure, None" but can't load the website because I get the error message "Cookie must be secure in order to use the SameSite None directive."

[Screenshot: Screen Shot 2563-12-17 at 16 18 36]

ifew commented 3 years ago

@HirokazuNishi If it works, I get this cookie status in the browser

[Screenshot: Screen Shot 2563-12-17 at 16 21 13]

HirokazuNishi commented 3 years ago

@ifew my local Warden-based environment works as expected. I also tested with both developer and production mode.

ifew commented 3 years ago

@HirokazuNishi My environment is a development server running behind an Nginx proxy. I think maybe my (fake) SSL is the problem. What do you think?

HirokazuNishi commented 3 years ago

@ifew I haven't tested with an untrusted SSL cert (like self-signed), because it should be signed by a CA and produce no errors. If you're using a self-signed SSL cert, please trust it in your browser or OS before you start testing.

ifew commented 3 years ago

@HirokazuNishi Yes, I already trusted the self-signed SSL cert in the browser before testing, and I will try with a real SSL cert again.

Thank you for your support