CORS on chrome (SameSite = "None")

tom_fog · January 19, 2021, 4:18pm

Hi,
I’ve been using slim 3 for a little while.
I now want to make api calls through another domain in order to authenticate myself.
the CORS are well set up thanks to tuupola/cors-middleware
The api calls for the connection work well but I have a warning about cookies (SameSite = “None” missing ? ).
during my second api call to recover data, I have a 401 “Please Log in” so. (and the same warning in the chrome debugger)

how to set this cookie when answering in slim?
thank you

tom_fog · January 21, 2021, 4:20pm

Maybe with GitHub - selective-php/samesite-cookie: Secure your site with SameSite cookies ?

tom_fog · January 22, 2021, 9:55am

Closed
Solution (if php < 7.3) otherwise => PHP setting a Session-Cookie with samesite - Stack Overflow

put this before session_start() :

$maxlifetime = 86400; // 24h
$secure = true; // only over HTTPS
$httponly = false; // true : prevent JavaScript access to session cookie
$samesite = ‘None’;
session_set_cookie_params($maxlifetime, ‘/; samesite=’.samesite, _SERVER[‘HTTP_HOST’], $secure, $httponly);

Topic		Replies	Views
Slim v4 - CORS tuupola	14	6690	February 21, 2022
Issue when trying to handle CORS	2	2179	October 31, 2016
CorsSlim and slim 3	6	5122	April 13, 2016
SLIM 3 and CORS	2	11602	August 24, 2016
Enable CORS for specific domains	4	2216	July 22, 2021

CORS on chrome (SameSite = "None")

Related topics