Same-site in Chrome
Google Chrome changed the behavior of
SameSite=None so that it isn't possible to use this SameSite mode without the HTTP Cookie
If you run a version of Ory Hydra 1.6 and below and experience this issue:
- Make sure to not use the
- Set configuration value
serve.cookies.same_site_modeor environment variable
Lax- this happens automatically for Ory Hydra v1.7.0 when running in HTTP mode.
Chrome rejects cookies without the
secure flag if a cookie with the same name for the same scope (domain, path) is set that has
secure flag. Ory Hydra 1.7.0+ uses different names for cookies with and without
secure flag. For versions prior to that,
you need to delete the cookies for the domain in order to get them working again.
Ory Hydra Running Over HTTP Without dev-mode Enabled
You are running Ory Hydra via HTTP but are missing the
--dev CLI flag:
hydra serve all -c path/to/config.yml --dev
available to the hostname and vice-versa.
Reverse proxy or load balancers
You are running Ory Hydra behind a reverse proxy that strips the Cookie header. If the reverse proxy supports path rewrites that might also cause issues!