continuing from here: Security Provider Issue with Server Side Redirection in SPA PHP
Setup:
PROD: Wappler 3.9.1, PHP with SameSite attribute set to STRICT
DEV: Wappler 4.0.1, PHP with SameSite attribute set to STRICT and parent page and each route have security enforcer added.
Problem:
login works via a server connect route - coming in from a third party domain. This works well in PROD but fails with a 302 right after server side redirection in DEV.
if we switch off security provider on parent - then login via server connect route works.
if we change SameSite attribute to NONE - then login via server connect route works.
but we cannot do either of these things.
so how can we make work SameSite: STRICT with security enforcer on the parent page of SPA with latest version of Wappler?
Last updated: