There can be many footguns when it comes to authentication. We should provide the list of the things we do to make sure that everything is well configured. If this could be automated, it would be even more awesome obviously.
Things that comes to mind right now:
- cookie domain FRONT_COMMERCE_COOKIE_DOMAIN (< 1.0.0-beta.6)
- secure/unsecure cookie
- production is https only
- but a proxy needs to forward the necessayr infos used (X-Forwarded-Proto, X-Forwarded-Host, X-Forwarded-Port) (DEBUG=front-commerce:config and go to
/__front-commerce/debug url)
- any platform specificities? Magento2? Magento1?
There can be many footguns when it comes to authentication. We should provide the list of the things we do to make sure that everything is well configured. If this could be automated, it would be even more awesome obviously.
Things that comes to mind right now:
/__front-commerce/debugurl)