jeroenheijmans/sample-angular-oauth2-oidc-with-auth-guards

When SSL is enabled, code breaks where cookies are not stored in Chrome.

narenmakwana opened this issue · 2 comments

In angular.json, add certs like:

        "serve": {
          "builder": "@angular-devkit/build-angular:dev-server",
          "options": {
            "browserTarget": "angular-sample:build",
            "ssl": true,
            "sslKey": "ssl/server.key",
            "sslCert": "ssl/server.crt"
          },

After this, the same code which was working before will break and the console shows the message:

    A cookie associated with a cross-site resource at http://xxxxxxx.com was set without the SameSite attribute. It has been blocked, as Chrome now only delivers cookies with cross-site requests if they are set with SameSite=None and Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.

Hey! Thx for the report. Had not tried my sample with SSL yet. Will investigate when I have a moment.

I just merged #70 after I tested it. If you now check out master branch and run npm run start-with-ssl (and of course ignore the certificate warning) then things work fine for me in Chrome 89 on Windows 10. At least with the demo identity server.

If your server has special/specific SameSite settings you'll probably need to check those. Or create a test setup where we can see the same symptom so we can investigate.

Sorry it took so long to get back to you. Assume you might've moved on in the meantime since there were no further pings or updates here. If you have more info and/or a repro for us, let us know here and I or a community member might be able to reopen an investigation.
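
One way to check an identity server's cookies against the rule quoted in the console message above (cross-site delivery requires `SameSite=None` and `Secure`). This is an added example, not part of the thread or the sample repository; the function names and the sample `Set-Cookie` headers are constructed for illustration.

```javascript
// Added example: classify Set-Cookie headers for cross-site delivery in Chrome.

// Parse the cookie name plus the two attributes that matter here.
function parseSetCookie(header) {
  const [nameValue, ...attrs] = header.split(";").map((p) => p.trim());
  const eq = nameValue.indexOf("=");
  const cookie = {
    name: eq === -1 ? nameValue : nameValue.slice(0, eq),
    secure: false,
    sameSite: null, // null means the attribute was absent
  };
  for (const attr of attrs) {
    const [k, v = ""] = attr.split("=").map((s) => s.trim());
    if (k.toLowerCase() === "secure") cookie.secure = true;
    if (k.toLowerCase() === "samesite") cookie.sameSite = v.toLowerCase();
  }
  return cookie;
}

// originScheme: scheme of the server that set the cookie ("http" or "https").
function crossSiteVerdict(header, originScheme) {
  const c = parseSetCookie(header);
  const fail = (reason) => ({ name: c.name, ok: false, reason });
  if (c.sameSite === null) {
    return fail("no SameSite attribute (Chrome treats it as Lax)");
  }
  if (c.sameSite !== "none") {
    return fail(`SameSite=${c.sameSite} restricts cross-site requests`);
  }
  if (!c.secure) return fail("SameSite=None without Secure");
  // Browsers refuse to store a Secure cookie received over plain http.
  if (originScheme !== "https") return fail("Secure cookie set over http");
  return { name: c.name, ok: true, reason: "SameSite=None; Secure over https" };
}

// Constructed sample headers (not captured from the reporter's server).
const samples = [
  ["sid=abc123; Path=/; HttpOnly", "http"],
  ["sid=abc123; Path=/; SameSite=None", "https"],
  ["sid=abc123; Path=/; Secure; SameSite=None", "http"],
  ["sid=abc123; Path=/; HttpOnly; Secure; SameSite=None", "https"],
];
for (const [header, scheme] of samples) {
  const v = crossSiteVerdict(header, scheme);
  console.log(`${scheme.padEnd(5)} ${v.ok ? "OK     " : "BLOCKED"} ${v.reason}`);
}
```

Paste the `Set-Cookie` values from the Network tab of the developer tools into `samples` to see which of the server's cookies fall under the blocked cases.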