Merge branch 'release/1.1'

OpenConext · Mar 10, 2020 · ed40963 · ed40963
2 parents 1785315 + 2baf8c1
commit ed40963
Show file tree

Hide file tree

Showing 3 changed files with 924 additions and 936 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,7 @@
+# 1.1.0
+ - Session cookies are setup with SameSite=None #22
+ - JS dependencies have been updated #23
+
 # 1.0.2
  - Enforce authentication on RA authenications #21
 

diff --git a/config/packages/framework.yaml b/config/packages/framework.yaml
@@ -8,7 +8,9 @@ framework:
     session:
         handler_id: null
         cookie_secure: auto
-        cookie_samesite: lax
+        # SameSite is set to none. As we must allow receiving a session cookie from the (trusted)
+        # remote Azure MFA IdP's
+        cookie_samesite: 'none'
     assets: ~
     #esi: true
     fragments: true