Open james-martin-jd opened 4 years ago
I think this might be an NSS issue because cookies are set by the server.
This issue also appears using solid.community and this Chrome feature is now enabled on Android (breaking all Solid apps using the nssidp.sid
cookie), but can be disabled through chrome://flags/#same-site-by-default-cookies
.
It appears the change required in NSS is not too difficult but this could also be considered a solid-auth-client issue - if cookie-based authentication fails (e.g. because the client rejects third party cookies for any other reason), ideally it should be possible to fall back to another mechanism?
The NSS issue about rethinking authentication configuration also seems relevant https://github.com/solid/node-solid-server/issues/672
If I understand correctly, this authentication method no longer works on new servers anyway (https://github.com/solid/solid-auth-client/pull/173), so issues with SameSite in this library are no longer relevant and this issue can be closed as such?
This issue is visible for all users on https://generator.inrupt.com. Once logged in, a console warning is generated, which reads:
The only cookie on the generator.inrupt.com site is for inrupt.net, which is triggering the warning.
The links in the warning (https://www.chromestatus.com/feature/5088147346030592 etc) both go into more details on the issue as well, including linking to a timeline.