# ory-selfhosting
Hi everybody! When trying to link a Facebook account to a pre-existing Google account, we occasionally run into this error:

> The browser does not contain the necessary cookie to resume the session. This is a security violation and was blocked. Please clear your browser's cookies and cache and try again!

However, when I restart the flow, this does not happen again. Can somebody shed some light on what the problem might be and how to tackle it?

Hello @ambitious-gigabyte-21534

This error might be related to the way Ory handles cookies and CSRF (Cross-Site Request Forgery) mechanisms. Ory uses HTTP cookies to store sessions when accessed via a browser. If the necessary cookies are not present or are not correctly set, it might trigger Ory's anti-CSRF mechanisms and cause the error you're seeing. Here are a few things you could check:

1. Browser Settings: Make sure the browser is not discarding cookies. For instance, if you're running the OAuth2 flow in separate browsers, or in a browser with incognito mode, or in a browser like Brave in "No-Tracking" mode, it might discard cookies.
2. Running Multiple OAuth2 Flows: If you're trying to do two OAuth2 flows at the same time in the same browser, it might cause issues.
3. Cookie Same-Site Mode: Check if you have changed the Cookie SameSite behavior. If this is the default value (you didn't change it), this shouldn't be an issue.
4. AJAX Requests: If you're using AJAX to call `/oauth2/auth`, note that it isn't allowed and not possible with OAuth2. This endpoint can only be accessed using a normal browser request by clicking a link or redirecting the end-user's browser to that endpoint.
5. Reverse Proxy or Load Balancers: If you're running Ory Hydra behind a reverse proxy that strips the Cookie header, it might cause issues.

To debug these issues, you can use tools like the Chrome DevTools. In Chrome DevTools, go to the Application tab and open the Cookies section. Look for `Cookie` and `Set-Cookie` HTTP headers. Inspecting the Network tab and looking for the same headers can also help you find the root cause of your problems.
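
The header comparison suggested in the answer can be scripted over a recorded flow. This is an added example, not part of the original thread and not Ory's code: the cookie names, paths and trace are constructed placeholders, a missing SameSite attribute is assumed to behave as Lax, and path, domain and expiry matching are ignored.

```python
from http.cookies import SimpleCookie

# Constructed trace of one account-linking flow (placeholder names and paths).
# Each step: (label, arrived_from_other_site, request Cookie header,
#             response Set-Cookie headers)
TRACE = [
    ("GET /link/start", False, "", [
        "example_continuity=abc123; Path=/; HttpOnly; Secure; SameSite=Lax",
        "example_csrf=tok456; Path=/; HttpOnly; Secure; SameSite=Strict",
    ]),
    # Redirect back from the social provider: a cross-site top-level navigation.
    ("GET /link/callback", True, "example_continuity=abc123", []),
    # Same-site request that reaches the backend with no Cookie header at all.
    ("POST /link/finish", False, "", []),
]


def audit(trace):
    """Return (step, cookie, reason) for each cookie that was set by an
    earlier response but is absent from a later request."""
    jar, findings = {}, []
    for label, cross_site, cookie_header, set_cookies in trace:
        sent = set(SimpleCookie(cookie_header).keys())
        for name, morsel in jar.items():
            if name in sent:
                continue
            # Assumption: no SameSite attribute is treated as Lax.
            same_site = (morsel["samesite"] or "Lax").lower()
            if cross_site and same_site == "strict":
                reason = "SameSite=Strict is withheld on navigation from another site"
            else:
                reason = "not sent: check browser cookie blocking or a proxy stripping Cookie"
            findings.append((label, name, reason))
        # Record cookies from this response for comparison with later requests.
        for raw in set_cookies:
            parsed = SimpleCookie()
            parsed.load(raw)
            jar.update(parsed)
    return findings


if __name__ == "__main__":
    for step, name, reason in audit(TRACE):
        print(f"{step}: {name}: {reason}")
```

To use it on a real flow, fill `TRACE` with the `Cookie` and `Set-Cookie` values copied from the Network tab, in request order.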