Sign in does not work on Safari about editor-backend HOT 13 CLOSED

Hey @domoritz I am not able to reproduce this mine login works fine

from editor-backend.

Hmm, let me try again. I was trying something else and it didn’t work for me.

from editor-backend.

No, does not work. I'm on Safari 13.1. Maybe this is some new restriction on cookies. I do get a warning in Chrome

from editor-backend.

Ahh, I think the issue is that our cookie is a third party cookie.

from editor-backend.

The issue is probably that we need to set cookies to be secure.

from editor-backend.

I think we need to set https://github.com/vega/editor-backend/blob/master/src/app.ts#L77 but somehow I cannot log in anymore after I uncomment this line.

@algomaster99 Can you help me here?

from editor-backend.

@domoritz what error are you getting?

from editor-backend.

There seem to be two separate issues.

1. Chrome warns us about unsafe cookies. We should enable safe cookies (but when I do it, login doesn't work for some reason).
2. When I check whether I am logged in in Chrome in incognito or Safari (on my machine) the response is always that I am not logged in.

Any idea what's going wrong? It looks like cors is not working as expected.

from editor-backend.

@domoritz Chrome in incognito works fine for me. For Safari, shall I just check it on some iPhone?

from editor-backend.

I noticed that I can log in if I disable this setting to prevent cross-site tracking.

Maybe let's focus on enabling safe cookies (https://github.com/vega/editor-backend/blob/master/src/app.ts#L77) for now and look at this issue later. Can you look into this?

from editor-backend.

@domoritz secure: true is only responsible for this behavior https://stackoverflow.com/a/40324493/11751642. What problem are you facing exactly?

from editor-backend.

Adding the secure flag is for #130 (comment)

from editor-backend.

@domoritz 44ed970 fixes this.
Please note my comment there though.

from editor-backend.