Configuring Cookies
By default, cookies sent by the Hydra Public endpoints are set without explicitly specifying a SameSite mode. If you wish for
these cookies to be set with a mode you can use the serve.cookies.same_site_mode
setting. Possible values are Strict
, Lax
or
None
.
If you wish to embed requests to hydra on a third party site (for example an iframe that periodically polls to check session
status) you will need to set the mode to None
.
Some browser versions reject cookies using the Same-Site=None
attribute. Hydra implements a workaround that can be
enabled by setting serve.cookies.same_site_legacy_workaround
to true
. This workaround is disabled by default, and only takes
effect when serve.cookies.same_site_mode
is set to None
.