- Open https://demo.magnolia-cms.com/
- Fill in credentials on login page
- Inspect network in browser
- The request is only a redirect to the original URL I've entered (https://demo.magnolia-cms.com/) after login.
- The request is redirected to http, then back to https.
- Since Chrome v90, this works only if cross-site cookies are allowed.
<CookieProcessor sameSiteCookies="None" />
LoginFilter#getRedirectLocation redirects to an absolute URL in the case of a self-redirect (back to the URL the user accessed in the browser before login, which was forwarded to the login page). Behind a proxy, that absolute URL might be http although the browser uses https. Changing it to a relative URL (URI) might fix the issue.
Quickfix applied to demo: https://git.magnolia-cms.com/projects/INTERNAL/repos/demo.magnolia-cms.com/pull-requests/52/commits/fee6debafd3d91d0f838989fdc0f0056ceadfe8e#magnolia-demo-setup-module/src/main/java/info/magnolia/demosetup/DemoLoginFilter.java
Logout suffers from the same issue: https://git.magnolia-cms.com/projects/PLATFORM/repos/main/browse/magnolia-core/src/main/java/info/magnolia/cms/security/LogoutFilter.java#98
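The self-redirect described above, as an added example that is not Magnolia's LoginFilter code: it compares an absolute Location rebuilt from the backend's view of the request with a relative one, and resolves both the way a browser on https would. `BackendRequest`, `absoluteLocation` and `relativeLocation` are hypothetical names, and the backend values (plain http on port 80) are constructed.

```java
import java.net.URI;

public class RedirectLocationDemo {

    // What the servlet container sees behind a TLS-terminating proxy (constructed sample values).
    record BackendRequest(String scheme, String host, int port, String uri, String query) {}

    // Absolute self-redirect: rebuilt from the backend's view of the request,
    // so it carries the proxy-to-backend scheme (http), not the browser's (https).
    static String absoluteLocation(BackendRequest r) {
        boolean defaultPort = ("http".equals(r.scheme()) && r.port() == 80)
                || ("https".equals(r.scheme()) && r.port() == 443);
        String authority = defaultPort ? r.host() : r.host() + ":" + r.port();
        return r.scheme() + "://" + authority + relativeLocation(r);
    }

    // Relative self-redirect: path and query only, so the browser keeps its own scheme and host.
    static String relativeLocation(BackendRequest r) {
        String path = r.uri();
        // A Location starting with "//" is scheme-relative and would change the host,
        // so anything that is not a plain absolute path falls back to the root.
        if (path == null || !path.startsWith("/") || path.startsWith("//")) {
            path = "/";
        }
        return r.query() == null ? path : path + "?" + r.query();
    }

    public static void main(String[] args) {
        // The URL in the browser versus the request as forwarded to the backend over plain http.
        URI browserUrl = URI.create("https://demo.magnolia-cms.com/");
        BackendRequest seen = new BackendRequest("http", "demo.magnolia-cms.com", 80, "/", null);

        for (String location : new String[] {absoluteLocation(seen), relativeLocation(seen)}) {
            // URI.resolve mirrors how a browser resolves a Location header against the current URL.
            URI target = browserUrl.resolve(location);
            System.out.printf("Location: %-30s -> browser requests %s%n", location, target);
        }
    }
}
```

The absolute form sends the browser to http first, which is the extra hop seen in the network trace; the relative form stays on https.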