
My OS is Mojave 10.16.6, browser Safari 14.1.1.

I've developed an API with token-based authentication. The token gets put into a cookie and is then sent to the browser and back to the server until logout. Here is the blog I used as a blueprint: https://medium.com/@shindelav/make-an-api-based-application-with-laravel-passport-d6f1074a7b3a

Later I've adapted the session.php like this because of the new security policies of several browsers:

```php
// config/session.php
'secure' => env('SESSION_SECURE_COOKIE', true),
'same_site' => 'none',
```

And in AuthController.php I configured the cookie like this:

```php
// AuthController.php
return [
    'name'     => '_token',
    'value'    => $token,
    'minutes'  => 1440,
    'path'     => null,
    'domain'   => null,
    // 'secure' => true, // for production
    'secure'   => true,   // for localhost
    'httponly' => true,
    'samesite' => 'None',
];
```

Most browsers do work now (Google Chrome etc.) with SameSite=None and Secure=true, but the Safari browser won't (nor does Epic Privacy). Safari won't send back the cookie with the token because of its security policy.

I came across this discussion: https://gist.github.com/koba04/d52765516600ec51d1761bb0ce994a11

I then turned off "Prevent cross-site tracking" in Preferences -> Privacy and now the Safari browser works too, but this isn't a sustainable solution. Does anybody have a feasible workaround?

Thx Paul
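For reference, the attribute combination used in the question can be checked before it is emitted. The following is an added example, not code from the question or from Laravel/Passport: it builds a `Set-Cookie` header from an attribute array shaped like the one in AuthController.php and enforces the browser rule that `SameSite=None` is only honoured when `Secure` is also set. The function name `buildSetCookie` and the sample token value are assumptions made for this example.

```php
<?php
// Added example (not from the question or from Laravel): assemble a Set-Cookie
// header from an attribute array like the one in AuthController.php, refusing
// the combination browsers reject (SameSite=None without Secure).

function buildSetCookie(array $c): string
{
    $sameSite = $c['samesite'] ?? 'Lax';

    // Browsers drop SameSite=None cookies that are not also marked Secure.
    if (strcasecmp($sameSite, 'None') === 0 && empty($c['secure'])) {
        throw new InvalidArgumentException('SameSite=None requires Secure');
    }

    $parts = [rawurlencode($c['name']) . '=' . rawurlencode($c['value'])];

    if (!empty($c['minutes'])) {
        $parts[] = 'Max-Age=' . ((int) $c['minutes'] * 60);
    }
    $parts[] = 'Path=' . ($c['path'] ?? '/');   // null path falls back to "/"
    if (!empty($c['domain'])) {
        $parts[] = 'Domain=' . $c['domain'];
    }
    if (!empty($c['secure'])) {
        $parts[] = 'Secure';
    }
    if (!empty($c['httponly'])) {
        $parts[] = 'HttpOnly';                 // keeps the token out of document.cookie
    }
    $parts[] = 'SameSite=' . $sameSite;

    return 'Set-Cookie: ' . implode('; ', $parts);
}

// Constructed sample attributes; a real deployment would pass the Passport token.
$attributes = [
    'name'     => '_token',
    'value'    => 'sample-token-value',
    'minutes'  => 1440,
    'path'     => null,
    'domain'   => null,
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'None',
];

echo buildSetCookie($attributes), PHP_EOL;
// Set-Cookie: _token=sample-token-value; Max-Age=86400; Path=/; Secure; HttpOnly; SameSite=None

// The rejected case: SameSite=None with Secure switched off.
try {
    $attributes['secure'] = false;
    buildSetCookie($attributes);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Note that a correct `SameSite=None; Secure` header is a precondition, not a fix for the behaviour described above: Safari's cross-site tracking prevention declines third-party cookies independently of their attributes, which is why disabling that preference changed the result. The only server-side configuration that avoids the problem entirely is one in which the API and the front end are served from the same site, so the token cookie is never a cross-site cookie in the first place.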
