- From: Alexandre Gaudencio <notifications@github.com>
- Date: Thu, 31 Jan 2019 07:11:23 -0800
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 31 January 2019 15:11:44 UTC
Hello, I just got bit by this and spent a lot of time understanding what the issue was :| I use cookies to make cross domain requests from `domain.com` to `subdomain.domain.com`. Because of `SameSite: Lax` I can't make my requests (that was very painful to debug >_<) even though I passed all the preflight queries properly. I understand now the purpose of the `SameSite: Lax` value, but in my context it is an issue because I either: - Remove this option, and open myself to CSRF (although I'm working on an API this might be less of an issue but still) - Keep this option and can't authenticate at all :| Is there anything you would recommend on this situation? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/769#issuecomment-459379648
Received on Thursday, 31 January 2019 15:11:44 UTC