SameSite Cookie Issues

Continuing from here: Security Provider Issue with Server Side Redirection in SPA PHP

Setup:
PROD: Wappler 3.9.1, PHP with SameSite attribute set to STRICT
DEV: Wappler 4.0.1, PHP with SameSite attribute set to STRICT, and the parent page and each route have a security enforcer added.

Problem:
Login works via a server connect route, coming in from a third-party domain. This works well in PROD but fails with a 302 right after server-side redirection in DEV.

If we switch off the security provider on the parent, then login via the server connect route works.
If we change the SameSite attribute to NONE, then login via the server connect route works.

But we cannot do either of these things.

So how can we make SameSite: STRICT work with the security enforcer on the parent page of the SPA with the latest version of Wappler?
