search

freedit-org / freedit

The safest and lightest forum, powered by rust.
https://freedit.eu
MIT License
202 stars 22 forks source link

"This attempt to set a cookie via a Set-Cookie was blocked..." error on Chrome and Edge #86

Closed dominikdalek closed 1 year ago

dominikdalek commented 1 year ago

Cookie is never set on Edge and Chrome due to cookie rules violation. Error points to: https://datatracker.ietf.org/doc/html/draft-west-cookie-prefixes-05

This happens when testing locally w/o TLS and set-cookie issued with value __Host-id=###; SameSite=Strict; Path=/; Secure; HttpOnly; Max-Age=14400

As a workaround it probably makes sense to use a different cookie name when freedit runs locally on http. But I think it would be best to disallow insecure setups altogether and provide steps for cert/key generation.

freedit-dev commented 1 year ago

Thanks for your feedback. I just test it with Firefox.