Cookie Confusion

I'm using iron-session to store the information necessary for ConnectKit's Sign-In With Ethereum (SIWE) to work on a GitHub Pages-hosted site backed by Supabase edge functions. (ConnectKit expects to have access to a /session endpoint that returns the authenticated user's Ethereum address.) iron-session stores session information as an encrypted string sent back and forth as a cookie. The problem I'm having is that if SameSite is set to Lax or Strict, I get an error:
This attempt to set a cookie via a set-cookie header was blocked because it had a SameSite="Lax" attribute but came from a cross-site response which was not a response to a top-level navigation.
This is because the Supabase edge functions run on a randomuid.supabase.co host. If I set SameSite to None, I can get the cookie to go through, but I know browsers are increasingly restricting third-party cookies. Anyone have a suggestion as to how I should restructure my code? The obvious solution would be to use Supabase's session, but because I'm using SIWE, I don't think I have access to it. The Google page on deprecation of third-party cookies lists a few technological alternatives; probably using partitioned cookies is the way to go.
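The situation described in the post, as an added example that is not part of the original post and is not iron-session, ConnectKit or Supabase code: a small model of how a Chromium-style browser decides whether to keep a Set-Cookie header on a cross-site fetch() response, and what a partitioned (CHIPS) cookie header looks like. The function names, the attribute object, the sample URLs and the two-entry suffix list are assumptions made for the example.

```javascript
// Constructed stand-in for the Public Suffix List; the two entries are assumed
// for this example so that each subdomain counts as its own site.
const PUBLIC_SUFFIXES = ["github.io", "supabase.co"];

// "Site" of a hostname: the matching public suffix plus one more label.
function siteOf(hostname) {
  const host = hostname.toLowerCase();
  const labels = host.split(".");
  for (const suffix of PUBLIC_SUFFIXES) {
    if (host.endsWith("." + suffix)) {
      return labels.slice(-(suffix.split(".").length + 1)).join(".");
    }
  }
  return labels.slice(-2).join("."); // simplification for ordinary domains
}

// Predict the fate of a Set-Cookie header on a fetch()/XHR response, which is
// a subresource response and never a top-level navigation.
function checkSetCookie(pageUrl, apiUrl, attrs) {
  const crossSite =
    siteOf(new URL(pageUrl).hostname) !== siteOf(new URL(apiUrl).hostname);
  const sameSite = (attrs.sameSite || "Lax").toLowerCase(); // Chromium default
  if (sameSite === "none" && !attrs.secure)
    return { accepted: false, reason: "SameSite=None requires Secure" };
  if (attrs.partitioned && !attrs.secure)
    return { accepted: false, reason: "Partitioned requires Secure" };
  if (crossSite && sameSite !== "none")
    return { accepted: false, reason: `SameSite=${attrs.sameSite || "Lax"} on a cross-site response` };
  return { accepted: true, thirdParty: crossSite, partitioned: Boolean(attrs.partitioned) };
}

// Serialize the attributes into a Set-Cookie header value.
function serializeCookie(name, value, attrs) {
  const parts = [`${name}=${value}`, "Path=/", "HttpOnly"];
  if (attrs.secure) parts.push("Secure");
  if (attrs.sameSite) parts.push(`SameSite=${attrs.sameSite}`);
  if (attrs.partitioned) parts.push("Partitioned");
  return parts.join("; ");
}

// Constructed URLs modelled on the setup described in the post.
const PAGE = "https://example-user.github.io/app/";
const API = "https://randomuid.supabase.co/session";
const partitionedAttrs = { sameSite: "None", secure: true, partitioned: true };
console.log(checkSetCookie(PAGE, API, { sameSite: "Lax", secure: true }));
console.log(checkSetCookie(PAGE, API, partitionedAttrs));
console.log(serializeCookie("session", "SEALED_VALUE", partitionedAttrs));
```

A partitioned cookie is keyed to the top-level site that was open when it was set, so the browser sends it back only on requests made from pages under that same top-level site.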