Closed knabar closed 1 year ago
It would be great to add some guidance for using these settings to the docs at https://omero.readthedocs.io/en/v5.6.7/sysadmins/unix/install-web/walkthrough/omeroweb-install-centos7-ice3.6.html#setting-up-cors
Even after reading the Django docs, I'm not clear on a use-case for setting these to a non-default value?
@will-moore Our use case is that we have JavaScript applications that need to request data from OMERO.web via API calls. Since these applications run under different domain names than OMERO.web, the browser will not send the CSRF and session cookies for the active OMERO.web session with those requests.
Here is the best explanation of the different SameSite settings I could find so far: https://web.dev/samesite-cookies-explained/
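The cross-domain behaviour described in the comment above, as an added example that is not part of the original thread or the project's code: a simplified model of how a browser decides whether to attach a cookie to a request. The hostnames, path and cookie jars are constructed; `sessionid` and `csrftoken` are Django's default cookie names, and the two-label site calculation is an assumption that ignores the Public Suffix List.

```javascript
// Added example: simplified model of a browser's cookie-attachment decision.
// Hostnames, path and cookie jars below are constructed sample values.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// Assumption: site = scheme + last two host labels (no Public Suffix List lookup).
function siteOf(url) {
  const u = new URL(url);
  return u.protocol + "//" + u.hostname.split(".").slice(-2).join(".");
}

// cookie: { name, sameSite: "Strict" | "Lax" | "None", secure: boolean }
// req: { initiator, url, method, topLevelNavigation, credentials }
function cookieAttached(cookie, req) {
  const mode = cookie.sameSite.toLowerCase();
  // Current browsers reject SameSite=None cookies that lack Secure.
  if (mode === "none" && !cookie.secure) return false;
  // Secure cookies only travel over HTTPS.
  if (cookie.secure && new URL(req.url).protocol !== "https:") return false;
  // fetch()/XHR to another origin omit cookies unless credentials are included.
  const crossOrigin = new URL(req.initiator).origin !== new URL(req.url).origin;
  if (!req.topLevelNavigation && crossOrigin && req.credentials !== "include") return false;
  if (siteOf(req.initiator) === siteOf(req.url)) return true;
  // Cross-site request: the SameSite attribute decides.
  if (mode === "strict") return false;
  if (mode === "lax") return req.topLevelNavigation && SAFE_METHODS.has(req.method);
  return true; // SameSite=None; Secure
}

function attachedCookies(jar, req) {
  return jar.filter((c) => cookieAttached(c, req)).map((c) => c.name);
}

// Django's default cookie names; Lax is Django's default SameSite value.
const laxJar = [
  { name: "sessionid", sameSite: "Lax", secure: true },
  { name: "csrftoken", sameSite: "Lax", secure: true },
];
const noneJar = laxJar.map((c) => ({ ...c, sameSite: "None" }));

// API call from a JavaScript app on a different domain than the web server.
const apiCall = {
  initiator: "https://viewer.example.org",
  url: "https://omero.example.net/api/",
  method: "GET", topLevelNavigation: false, credentials: "include",
};

console.log(attachedCookies(laxJar, apiCall));  // []
console.log(attachedCookies(noneJar, apiCall)); // [ 'sessionid', 'csrftoken' ]
```

Browsers that block third-party cookies outright can still withhold them regardless of the SameSite value; the model does not cover that.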
Ah - I wonder if this is what I needed when I couldn't get our JavaScript login example working a couple of years ago? https://github.com/ome/openmicroscopy/pull/6276#issuecomment-875624216
It’s possible - there are so many restrictions though nowadays that it’s hard to pinpoint sometimes
Added to documentation at https://github.com/ome/omero-documentation/pull/2317
Allow setting samesite cookie properties, required to properly support CORS configurations:
Reference: