"Samesite=none; secure" and cookies for nginx reverse proxy - perhaps place information in docs

[SinanGabel]

Some background on samesite

Current couchdb documentation on nginx reverse proxy

A possible solution for couchdb behind an nginx reverse proxy:

(1) simply add the following line above the "location" nginx context within the "server" nginx context:

proxy_cookie_path / "/; HTTPOnly; Secure";

(2) In the local.ini configuration file set:

[couch_httpd_auth]
same_site = none

[wohali]

Hi @SinanGabel , this looks like a request for us to improve our nginx reverse proxy documentation. Would you be willing to submit a pull request for that over at https://github.com/apache/couchdb-documentation ? If you're new to Git or to our documentation format, we're happy to walk you through the steps.

[SinanGabel]

Hi @wohali , thank you for your quick reply.

After posting I realized that it may actually be a general Couchdb issue because according to:

Problem

Chrome status

"Any cookie that requests SameSite=None but is not marked Secure will be rejected."

Possibly Solution

Ensure that Couchdb also adds "Secure" along "SameSite=None" if that setting is used in local.ini configuration.

Further

... but I am not sure where the "Secure" part belongs: Couchdb or the reverse proxy web servers.