Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Why do i get cors error when i do `kratos.toSession()` on web in chrome but not in firefox? Kratos uses cookie samesite lax and i don't have https in dev mode now. kratos is using `--dev` flag. Does chrome really require https for lax, i thought it was only for samesite none.

Could the CORS response be cached by the browser?

Yeah i solved it somehow, i think it was some cache annoyance in the end.