CORS on chrome (SameSite = "None")

I’ve been using slim 3 for a little while.
I now want to make api calls through another domain in order to authenticate myself.
the CORS are well set up thanks to tuupola/cors-middleware
The api calls for the connection work well but I have a warning about cookies (SameSite = “None” missing ? ).
during my second api call to recover data, I have a 401 “Please Log in” so. (and the same warning in the chrome debugger)

how to set this cookie when answering in slim?
thank you

Maybe with GitHub - selective-php/samesite-cookie: Secure your site with SameSite cookies ?

Solution (if php < 7.3) otherwise => PHP setting a Session-Cookie with samesite - Stack Overflow

put this before session_start() :

$maxlifetime = 86400; // 24h
$secure = true; // only over HTTPS
$httponly = false; // true : prevent JavaScript access to session cookie
$samesite = ‘None’;
session_set_cookie_params($maxlifetime, ‘/; samesite=’.samesite, _SERVER[‘HTTP_HOST’], $secure, $httponly);

1 Like