Here is the Mozilla Developer Network page "Access-Control-Allow-Credentials" section: https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS?redirectlocale=en-US&redirectslug=HTTP_access_control#Access-Control-Allow-Credentials

The "Requests with credentials" section is also relevant (this is where I found the example which is not working in Firefox): https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Requests_with_credentials
I had Settings -> Privacy -> Accept third-party cookies set to "Never". So this behaviour is expected. When I changed it to "Always" it worked again. This does break CORS for a lot of use cases, however. A warning for why the Set-Cookie fails would be nice, but I guess this bug can be closed.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → INVALID