From 310a8ac2427978779c1bb31f71321bfb84688336 Mon Sep 17 00:00:00 2001
From: David Taylor <david@taylorhq.com>
Date: Fri, 30 Aug 2019 17:55:18 +0100
Subject: [PATCH] FIX: Auth popup handling for Safari same-site cookie quirks

When opening authentication popup, start with an on-site URL. Opening "about:blank", and then POSTing the form does not send same-site=Lax cookies. Opening the popup to a page on the site domain, and then POSTing the form, works successfully.
---
 app/assets/javascripts/discourse/models/login-method.js.es6 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/assets/javascripts/discourse/models/login-method.js.es6 b/app/assets/javascripts/discourse/models/login-method.js.es6
index 0b1260447a1..83e9a18a9dc 100644
--- a/app/assets/javascripts/discourse/models/login-method.js.es6
+++ b/app/assets/javascripts/discourse/models/login-method.js.es6
@@ -53,7 +53,7 @@ const LoginMethod = Ember.Object.extend({
         }
         LoginMethod.buildPostForm(authUrl).then(form => {
           const windowState = window.open(
-            "about:blank",
+            authUrl,
             "auth_popup",
             `menubar=no,status=no,height=${height},width=${width},left=${left},top=${top}`
           );