Hi,

for a client we develop a web shop application that handles payment by 
redirecting the user to a page of a payment service provider. After successful 
(or failed) payment the user is redirected back to our application with a POST 
request. With Chrome 80 this began to be a problem because on cross-domain POST 
requests the cookies are no longer transmitted. This can be fixed by setting 
SameSite=None on the cookies, which we did (also for the haproxy persistent 
session cookie), and it works fine.

But there is a new problem: old browsers, especially Safari on macOS < 10.15 
and iOS < 13. These browsers do not know the value "None" for the parameter 
"SameSite" and treat unknown values as "Strict". So, no cookies for these 
browsers on the cross-domain POST request.

For the web application we fixed this by adding 2 cookies, one with 
SameSite=None and another ("legacy" cookie) without the SameSite parameter.

Any ideas on how to handle this problem for haproxy?

Thanks
Matthias
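The two-cookie workaround described in the post, written out as an added example (not code from the post or from haproxy): the application emits a modern cookie with SameSite=None (which Chrome 80 only accepts when Secure is also set) plus a legacy twin without any SameSite attribute, and on the way back it accepts whichever twin the browser sent. The cookie name SESSIONID and the "-legacy" suffix are assumed; the Cookie request headers in the usage section are constructed to mimic a current browser and an old Safari that dropped the SameSite=None cookie.

```python
from http.cookies import SimpleCookie

SESSION_COOKIE = "SESSIONID"   # assumed cookie name, not from the post
LEGACY_SUFFIX = "-legacy"      # assumed naming convention for the twin


def build_set_cookie_headers(name, value, max_age=3600):
    """Return the two Set-Cookie header values for one session value.

    The first carries SameSite=None together with Secure (Chrome 80 rejects
    SameSite=None without Secure); the second has no SameSite attribute at all,
    so browsers that treat the unknown value "None" as "Strict" still return it
    on the cross-site POST from the payment provider.
    """
    common = f"Path=/; Max-Age={max_age}; Secure; HttpOnly"
    modern = f"{name}={value}; {common}; SameSite=None"
    legacy = f"{name}{LEGACY_SUFFIX}={value}; {common}"
    return [modern, legacy]


def samesite_none_is_secure(set_cookie_value):
    """Check that a Set-Cookie value using SameSite=None also sets Secure.

    Returns True when the attribute pair is valid (or SameSite=None is absent),
    False when SameSite=None appears without Secure and Chrome would drop it.
    """
    attrs = {a.strip().lower() for a in set_cookie_value.split(";")[1:]}
    if "samesite=none" not in attrs:
        return True
    return "secure" in attrs


def read_session_cookie(cookie_header, name=SESSION_COOKIE):
    """Parse a Cookie request header and return the session value.

    The modern cookie wins when both twins are present; otherwise the legacy
    twin is used. Returns None when neither cookie was sent.
    """
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    for key in (name, name + LEGACY_SUFFIX):
        if key in jar:
            return jar[key].value
    return None


if __name__ == "__main__":
    for header in build_set_cookie_headers(SESSION_COOKIE, "abc123", 600):
        print("Set-Cookie:", header, "| valid:", samesite_none_is_secure(header))

    # Constructed request headers: a current browser returns both cookies,
    # an old Safari (SameSite=None read as Strict) returns only the legacy one.
    current_browser = "SESSIONID=abc123; SESSIONID-legacy=abc123"
    old_safari = "SESSIONID-legacy=abc123"
    print(read_session_cookie(current_browser))  # abc123
    print(read_session_cookie(old_safari))       # abc123
    print(read_session_cookie(""))               # None
```

The same idea carries over to the haproxy persistence cookie: the backend can keep its single `cookie` directive and additionally emit a second Set-Cookie header (same value, no SameSite attribute) with an `http-response add-header`, while the frontend accepts either name for stickiness. Whatever the mechanism, every cookie that carries SameSite=None must also carry Secure, which is what `samesite_none_is_secure` checks before the header leaves the server.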