fix: Discord OAuth CSRF cookie SameSite=None for cross-site callback
PR Checks / test-and-build (pull_request) Successful in 6m34s
- Changed __DiscordOAuthState cookie from SameSite=Strict to SameSite=None because Discord redirects from discord.com (cross-site) and Strict prevents the cookie from being sent on the callback request.
- Added logging for CSRF validation failure to aid future diagnostics.

Bump version → 2.8.1

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
+2
-2
@@ -67,7 +67,7 @@ services:
retries: 3
discord:
image: git.codeanddice.ru/toutsu/gmrelay-discord-bot:2.8.0
image: git.codeanddice.ru/toutsu/gmrelay-discord-bot:2.8.1
restart: always
depends_on:
db:
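Review bot: `image: git.codeanddice.ru/toutsu/gmrelay-discord-bot:2.8.1` pins the bot by a mutable tag, so a re-pushed 2.8.1 could be pulled on a later deploy without any change to this file. Consider pinning by digest (the tag plus the `@sha256:` digest of the build that passed the PR checks). Separately, the commit message only describes a change to the web OAuth callback; if the bot image is bumped purely to keep versions in lockstep, say so in the message.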
@@ -84,7 +84,7 @@ services:
retries: 3
web:
image: git.codeanddice.ru/toutsu/gmrelay-web:2.8.0
image: git.codeanddice.ru/toutsu/gmrelay-web:2.8.1
restart: always
depends_on:
db:
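Review bot: at `image: git.codeanddice.ru/toutsu/gmrelay-web:2.8.1`, the cookie change this release carries is not visible in the diff, so please confirm that `__DiscordOAuthState` is set with `Secure` (browsers reject `SameSite=None` cookies without it), `HttpOnly` and a short lifetime. Since the Discord callback described in the commit message is a top-level GET redirect, `SameSite=Lax` would also be sent on it and is narrower than `None`; it is worth considering unless something else in the flow needs `None`. For the new CSRF failure logging, check that the state value itself is not written to the log.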