I'm getting an HTTP 401 when trying to check a subscription status from a localhost (expected) but also from a reverse-proxied HTTPS address (ngrok). I realize now, in hindsight, I undid too much once I started testing from proxied addresses. Based on https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Set-Cookie#samesitesamesite-value we still need SameSite=None; Secure.
A CLI for publishing standard.site documents to ATProto
sequoia.pub
HTTP 401 trying to check subscription status #21
Open, opened by heaths.dev
Oh, wait, it's because I didn't have the cookie yet for that random host. But, we probably should add `secure` to the cookie in `sequoia-subscribe.js` to make sure it's only sent over HTTPS. I checked Secure in F12 tools and verified it works even after deleting localStorage to make sure we don't fall back.
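The check discussed in this issue can be automated against `Set-Cookie` header values. The following is an added example, not code from the issue or from sequoia; the function names and the cookie name `sub` are assumptions made for illustration.

```javascript
// Added example: audit a Set-Cookie header value for the Secure / SameSite
// attributes discussed in the issue. Function names are hypothetical.

// Parse "name=value; Attr; Attr=val" into { name, value, attrs }.
function parseSetCookie(header) {
  const [pair = "", ...attrs] = header.split(";").map((s) => s.trim()).filter(Boolean);
  const eq = pair.indexOf("=");
  const cookie = {
    name: eq === -1 ? "" : pair.slice(0, eq),
    value: eq === -1 ? pair : pair.slice(eq + 1), // value may itself contain "="
    attrs: {},
  };
  for (const attr of attrs) {
    const i = attr.indexOf("=");
    // Attribute names are case-insensitive; flags such as Secure have no value.
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    cookie.attrs[key] = i === -1 ? true : attr.slice(i + 1).trim();
  }
  return cookie;
}

// Return a list of findings; an empty list means the cookie is Secure and
// carries an explicit SameSite policy.
function auditSetCookie(header) {
  const { attrs } = parseSetCookie(header);
  const sameSite = typeof attrs.samesite === "string" ? attrs.samesite.toLowerCase() : null;
  const findings = [];
  if (!attrs.secure) {
    findings.push("missing Secure: cookie may be sent over plain HTTP");
  }
  if (sameSite === "none" && !attrs.secure) {
    findings.push("SameSite=None without Secure: rejected by browsers enforcing the pairing");
  }
  if (sameSite === null) {
    findings.push("no SameSite attribute: falls back to the browser default");
  }
  return findings;
}

// Constructed sample headers (not captured from the project).
const samples = [
  "sub=abc123; Path=/; HttpOnly; SameSite=None; Secure",
  "sub=abc123; Path=/; HttpOnly; SameSite=None",
  "sub=abc123; Path=/; Secure",
];
for (const h of samples) console.log(h, "->", auditSetCookie(h));
```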