Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Bell is not compatible with Hapi 15 due to same-site: strict for cookie #264
Bell is currently not compatible with Hapi 15. You should stick with Hapi 14 until we set the same-site attribute for the cookie that Bell has to set to either be turned off or set to lax. I am experimenting with different providers to determine how they do the redirect back, but until then hapi 15 will not work.
So the results of my investigation are as follows: I am using a Mac and do not have access to a Window machine. Tested with Firefox, Safari, Chrome
If we set the state cookie to sameSite: Strict, then when we get redirected back from all the providers I've tried, the browser does not send us the cookie as expected, but then, Bell has a mechanism (originally developed for Safari) to do a refresh when that is the case of the page. So, in this case the request would come from our site and in all browsers except one, that was the case and we were logged in.
That browser is chrome UNLESS you try in incognito mode then it does the right thing.
So, the only way to fix this properly is to set sameSite: false ... I wanted to include some interesting things in 9.0.0 but if I am right, I should release a new version asap to make it work with Hapi 15 properly in Chrome.