Hi,
The support for sameSite ‘None’ was added (by me) a couple of weeks ago. Now you can select ‘None’ as cookie settings. However, when you change and save it, you cannot log in anymore. The session/csrf request returns a 500.
I tracked that error down and the logs say:
Failed to handle exception in exception app middleware : Invalid SameSite value: "None" in /var/www/discourse/vendor/bundle/ruby/2.6.0/gems/rack-2.0.8/lib/rack/utils.rb:260:in `add_cookie_to_header'
Now, I found out that our current Rack Version (2.0.8) doesn’t support sameSite ‘None’ as a setting. It is supported by the most recent version of Rack though.
The Gemfile in the project is commented with some hint though that the upgrade of Rack might break something:
Therefore, I would prefer that someone upgrades it who has a deeper knowledge of the project than I have.
I would see that as critical, since, if you change the cookie settings to “None”, nobody is able to log in anymore and the only way to fix it is over the database.
Can anyone please either fix it or assist? I’m not super professional in Ruby.
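
The lockout described in the post can be avoided by probing the cookie layer before the setting is saved. The sketch below is an added example, not part of the original post and not Discourse or Rack code. The two builders are constructed stand-ins (the legacy one modelled on the quoted error message), and every name in it, including the `force_https` parameter, is hypothetical.

```ruby
# Constructed stand-in for a cookie builder that predates SameSite=None,
# modelled on the error message quoted in the post.
LEGACY_BUILDER = lambda do |key, opts|
  same_site =
    case opts[:same_site]
    when nil then nil
    when /\Alax\z/i then "; SameSite=Lax"
    when /\Astrict\z/i then "; SameSite=Strict"
    else raise ArgumentError, "Invalid SameSite value: #{opts[:same_site].inspect}"
    end
  "#{key}=#{opts[:value]}#{'; secure' if opts[:secure]}#{same_site}"
end

# Constructed stand-in for a builder that accepts None.
MODERN_BUILDER = lambda do |key, opts|
  if opts[:same_site].to_s.casecmp?("none")
    "#{key}=#{opts[:value]}#{'; secure' if opts[:secure]}; SameSite=None"
  else
    LEGACY_BUILDER.call(key, opts)
  end
end

# True when the builder can emit a cookie carrying the given SameSite value.
def same_site_supported?(value, builder)
  builder.call("probe", { value: "1", secure: true, same_site: value })
  true
rescue ArgumentError
  false
end

# Run before persisting the setting; returns [ok, message].
# A rejected value never reaches the session cookie, so login keeps working.
def validate_same_site_setting(value, builder, force_https:)
  unless same_site_supported?(value, builder)
    return [false, "cookie layer rejects SameSite=#{value}; upgrade it before enabling"]
  end
  # Browsers only accept SameSite=None on cookies that are also Secure.
  if value.casecmp?("none") && !force_https
    return [false, "SameSite=None cookies must also be Secure; enable HTTPS first"]
  end
  [true, "ok"]
end
```

In a real application the builder passed in would be the cookie-serialising call the framework actually uses, so the probe reflects the installed version rather than a hard-coded version check.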