When accessing a document for which a request a copy has been approved takes the user via /cgi/process_request. This created a cookie called eprints_doc_request. In https://github.com/eprints/eprints3.4/commit/c53b3522 this has its samesite attribute set to strict. This creates a problem as /cgi/process_request never serves a page it just immediately redirects (302) to the requested document. This means the cookie never gets properly recorded by the browser (for some browsers. Firefox it does not, Chrome it does). This means when redirect to the restricted document the user's browser does not have the cookie allowing them access so they get redirected to a login screen.
Unfortunately, the only straightforward fix to actually get /cgi/process_request to load with HTML including a meta refresh to redirect to the requested document. This fixes the issue but is rather ugly.
When accessing a document for which a request a copy has been approved takes the user via
/cgi/process_request. This created a cookie calledeprints_doc_request. In https://github.com/eprints/eprints3.4/commit/c53b3522 this has itssamesiteattribute set to strict. This creates a problem as /cgi/process_request never serves a page it just immediately redirects (302) to the requested document. This means the cookie never gets properly recorded by the browser (for some browsers. Firefox it does not, Chrome it does). This means when redirect to the restricted document the user's browser does not have the cookie allowing them access so they get redirected to a login screen.Unfortunately, the only straightforward fix to actually get
/cgi/process_requestto load with HTML including a meta refresh to redirect to the requested document. This fixes the issue but is rather ugly.