Infinite SSO redirect on Safari

:man_facepalming: I’ve spent a very long time figuring out a similar issue was caused by this samsite=lax behaviour:

This fixes my issue - at least on macOS Mojave - so I assume it fixes it on iOS too. Thanks!

I’d also like to know people’s opinions on this.

What with this being the Mozilla Discourse and all, we don’t have a huge amount of traffic from Safari, so don’t want to make ourselves vulnerable to CSRF attacks for something which will benefit a very small proportion of our users.

6 Likes