We cannot disable the reverse proxy, because it serves multiple sites, it accelerates them and automatically manages digital certificates, but we will disable any manual manipulation of the Set-Cookie headers in our Caddy configuration:

# Removed: # Set-Cookie "SameSite=None; Secure; HttpOnly; Path=/" 

From now on, all cookie handling will be managed entirely by the PHP backend, and the reverse proxy will simply forward the headers as-is.

We’ve tested this setup with UNA 14.0.0-RC5 and the Google Connect login flow and it appears to be working correctly now.

Thanks @Alex T⚜️ for the update and for pointing us in the right direction!

https://github.com/kabballa/una-reverse-proxy/commit/c8f5f0507cecf50ea267e3728c718bf9e82c70eb