From 21517723f4fe7657fc16b59e8d6bcd15afb7ea68 Mon Sep 17 00:00:00 2001 From: wh0ami Date: Mon, 21 Aug 2023 19:29:26 +0000 Subject: [PATCH] admin: add hint for known bug with SameSite strict and external OAuth2 providers --- docs/admin/config-cheat-sheet.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/admin/config-cheat-sheet.md b/docs/admin/config-cheat-sheet.md index 18600c01..1d2e4231 100644 --- a/docs/admin/config-cheat-sheet.md +++ b/docs/admin/config-cheat-sheet.md @@ -762,7 +762,7 @@ Define allowed algorithms and their minimum key length (use -1 to disable a type - `GC_INTERVAL_TIME`: **86400**: GC interval in seconds. - `SESSION_LIFE_TIME`: **86400**: Session life time in seconds, default is 86400 (1 day) - `DOMAIN`: **\**: Sets the cookie Domain -- `SAME_SITE`: **lax** \[strict, lax, none\]: Set the SameSite setting for the cookie. +- `SAME_SITE`: **lax** \[strict, lax, none\]: Set the SameSite setting for the cookie. Please note, that setting this to `strict` can break the login via an external OAuth2 provider - this is a [known bug](https://codeberg.org/forgejo/forgejo/issues/1205). ## Picture (`picture`)
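Review bot: the sentence added to the `SAME_SITE` entry warns that `strict` can break login via an external OAuth2 provider, but it does not tell the admin which value to use instead. Suggest naming it, for example "keep the default `lax` when an external OAuth2 provider is configured", since `lax` is the default shown on the same line. Style: drop the comma in "Please note, that" and move the " - this is a [known bug]" clause into its own sentence so the link reads cleanly. Because the text points at issue 1205 as a known bug, consider wording it so the sentence is easy to remove or update once that issue is resolved.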