Base solution for your next web application
Open Closed

Solution for unable to log in via http in the new chrome. #9537


User avatar
4
maliming created
Support Team

The new Chrome will block your application cookies because of the SameSite problem.

Error message in the console.

A cookie associated with a resource at http://example.com/ was set with SameSite=None but without Secure. It has been blocked, as Chrome now only delivers cookies marked SameSite=None if they are also marked Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5633521622188032.`

There are two solutions:

  1. Use https for your website.(recommend)

  2. Add SameSite Cookie Policy

https://github.com/IdentityServer/IdentityServer4/blob/main/src/IdentityServer4/host/Extensions/SameSiteHandlingExtensions.cs https://github.com/IdentityServer/IdentityServer4/blob/main/src/IdentityServer4/host/Startup.cs#L43 https://github.com/IdentityServer/IdentityServer4/blob/main/src/IdentityServer4/host/Startup.cs#L113

https://github.com/aspnetzero/aspnet-zero-core/commit/74b139eb0d8edd8658888189471cd3a192891779


No answer yet!