kratos
Unable to change the SameSite cookie value in kratos.yaml
Preflight checklist
- [X] I could not find a solution in the existing issues, docs, nor discussions.
- [X] I agree to follow this project's Code of Conduct.
- [X] I have read and am following this repository's Contribution Guidelines.
- [ ] This issue affects my Ory Cloud project.
- [ ] I have joined the Ory Community Slack.
- [ ] I am signed up to the Ory Security Patch Newsletter.
Describe the bug
I'm unable to change the same_site value. No matter what I do in the kratos.yaml config file, the SameSite cookie value is Lax and 'None' for the session cookie.
Reproducing the bug
Use docker compose to run kratos.
Relevant log output
No response
Relevant configuration
...
cookies:
  domain: kupon.local
  same_site: Strict
session:
  cookie:
    domain: kupon.local
    same_site: Strict
...
Version
0.10.1
On which operating system are you observing this issue?
macOS
In which environment are you deploying?
Docker Compose
Additional Context
docker_compose file
kratos:
  image: oryd/kratos:v0.10.1
  depends_on:
    - kratos-migrate
  ports:
    - '4433:4433' # public
    - '4434:4434' # admin
  restart: unless-stopped
  environment:
    - DSN=postgres://${Some_DB_USER}:${Some_DB_PASSWORD}@Some-postgres:5432/kratosdb?sslmode=disable&max_conns=20&max_idle_conns=4
    - LOG_LEVEL=debug
  command: serve -c /etc/config/kratos/kratos.yml --dev --watch-courier
  volumes:
    - type: bind
      source: ./.config/kratos/email-password
      target: /etc/config/kratos
  networks:
    - Some_intranet
Try disabling the dev mode, but it also means that you will additionally need TLS deployed. This should, however, work IMO in dev mode, setting Strict that is, at least. Setting it to None won't work unless TLS is enabled.
In my local setup, Kratos is using SSL but my frontend is not. I want to be able to keep dev mode and change the SameSite value so the cookie can be set for the frontend. To me this looks like a bug.
Deployed TLS and now all works fine. It looks like --dev is not removing the SameSite=Lax cookie attribute.
Great that you figured it out!
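One way to check what the server actually emits against the same_site value configured in kratos.yaml is to audit the Set-Cookie response headers. This is an added example, not part of the original thread or the Kratos code base; the cookie names and header values below are constructed for illustration.

```python
# Added example: compare Set-Cookie attributes with the configured SameSite policy.
# Cookie names and header values are constructed samples, not captured output.

SAMPLE_HEADERS = [
    "csrf_token_example=abc; Path=/; Domain=kupon.local; HttpOnly; SameSite=Lax",
    "ory_kratos_session=xyz; Path=/; Domain=kupon.local; HttpOnly; SameSite=None",
    "ory_kratos_session=xyz; Path=/; Domain=kupon.local; HttpOnly; Secure; SameSite=Strict",
]


def parse_set_cookie(header):
    """Split one Set-Cookie header value into (cookie name, attribute dict)."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()  # flags such as Secure map to ""
    return name, attrs


def audit_cookies(headers, expected_same_site):
    """Return (cookie name, finding) pairs for cookies that deviate from the policy."""
    findings = []
    for header in headers:
        name, attrs = parse_set_cookie(header)
        same_site = attrs.get("samesite")
        if same_site is None:
            findings.append((name, "no SameSite attribute; browser default applies"))
            continue
        if same_site.lower() != expected_same_site.lower():
            findings.append((name, f"SameSite={same_site}, expected {expected_same_site}"))
        # Modern browsers drop SameSite=None cookies that lack the Secure flag,
        # which is why None cannot work without TLS.
        if same_site.lower() == "none" and "secure" not in attrs:
            findings.append((name, "SameSite=None without Secure; browsers reject this cookie"))
    return findings


if __name__ == "__main__":
    for cookie, finding in audit_cookies(SAMPLE_HEADERS, "Strict"):
        print(f"{cookie}: {finding}")
```

Against a running instance, feed it the Set-Cookie values from a login flow response, for example those shown by `curl -i`.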