Redirect Looping - SameSite Errors

Are you getting stuck in a redirect loop?  Are you seeing some console errors in your browser about SameSite Cookies?  

 

Browsers are starting to enforce strict rules on Cookies set by web apps.  The issue here is when an application is not hosted on the same host as Organizr.  You have three options...

  1. If you are browsing locally, you can add host records to your network or machine that you are browsing with.  
  2. If you are browsing from WAN, you can create reverse proxies.
  3. Depending on your browser software you can just turn off this check.

 

Option #1

We will use windows as an example.

Host file location

The Hosts file in Windows is located at the following location:

C:\Windows\System32\drivers\etc

Here you will see the Hosts file. Right-click on it and select Notepad. Make the changes and Save.

But sometimes, even when you are logged on with administrative credentials, you may receive the following error message:

Access to C:\Windows\System32\drivers\etc\ hosts was denied

Or

Cannot create the C:\Windows\System32\drivers\etc\hosts file. Make sure that the path and file name are correct.

In this case, type Notepad in Start search and right-click on the Notepad result. Select Run as administrator. Open the Hosts file, make the necessary changes, and then click Save.

The changes you need to make are like below:

127.0.0.1       hostname

The left value is the IP address and the right value is the hostname or text you want to tie to that IP address. For this fix everything needs to be on the same domain (basically like how subdomains work when reverse proxying).

Note: They must be on the same subdomain for this to work. You can't just do <service>.tld, they have to be <service>.something.tld

Router/DNS

Depending on your Router you will need to lookup how to achieve this.  Routers usually utilize using Dnsmasq.

 

Option #2

Depending on your webserver - you can just lookup your webserver and reverse proxy to achieve this.  

 

Option #3

**THIS ONLY WORKS IF THE COOKIE IS NOT BEING SET WITH THE SAMESITE PROPERTY**

Chrome 

Access this page from your browser  chrome://flags

Search for SameSite and disable it.

Edge

Access this page from your browser edge://flags/

Search for SameSite and disable it.

image-1585768871808.png

FireFox

Access this page from your browser about:config

Search for SameSite and disable it.

image-1585769029546.png

 

Application Errors

Jackett and Tautulli seem to hardcode the SameSite cookie as Lax
Sonarr/Radarr/Lidarr are starting to hardcode the SameSite cookie as Strict

The only way to bypass that is to use Option #1 or Option #2

 

 

 

 

Read more about SameSite

No Comments
Back to top