Set CORS policies, http security headers to avoid error: Some cookies are misusing the recommended Same-Site attribute. (27) #10249

Open
@chris001
Issue

Expected Behavior

There should be no CORS errors in the browser console.
Bonus: when the app is running in https mode, all cookies should be set to secure mode.
And HTTP security headers should be added:

  1. x-strict-transport-security
  2. x-frame-options
  3. x-xss-protection
  4. content-security-policy
  5. referrer-policy could be no-referrer-when-downgrade

Actual Behavior

Some cookies are misusing the recommended Same-Site attribute (27).

Possible Fix

CORS changes the game rules: stackoverflow.com/questions/46288437/… With it you have, server side: Access-Control-Allow-Credentials, Access-Control-Allow-Origin, Access-Control-Allow-Headers, plus the cookie settings Secure and SameSite=None; and client side: XMLHttpRequest.withCredentials and ES6 fetch() credentials: 'include'.

Steps to Reproduce

  1. Install SuiteCRM 7.14 (latest) from Bitnami.
  2. Open Firefox (latest version).
  3. Log in to the app with the default credentials.
  4. Open the browser console (Ctrl+Shift+I); you will see the error listed there.

Context

Modern browsers are getting more and more strict with regard to cookies and CORS rules.
If this issue is not fixed soon, the app will start to malfunction, because the browser will discard these non-compliant cookies without explicitly set CORS policies.

Your Environment

  • SuiteCRM Version used:
  • Browser name and version (e.g. Chrome Version 51.0.2704.63 (64-bit)): Firefox latest version 119.0.
  • Environment name and version (e.g. MySQL, PHP 7): MariaDB 10.6
  • Operating System and version (e.g Ubuntu 16.04): Linux Debian 12
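A defender-side check for the two conditions this issue describes (cookies that lack SameSite or combine SameSite=None with a missing Secure flag, and the five security headers the report asks for), followed by the header rewrite a reverse proxy would apply to fix a non-compliant Set-Cookie. This is an added example, not code from SuiteCRM, Bitnami or the reporter. It assumes the app is served over HTTPS, uses the standard header spellings (Strict-Transport-Security, X-XSS-Protection) rather than the x- prefixed forms listed in the issue, and runs over constructed response headers with made-up cookie names:

```python
"""Audit Set-Cookie and security headers for the problems the issue describes.
Added example, not SuiteCRM code; sample headers below are constructed."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Standard header names for the controls the issue asks for. The issue lists
# some of them with an "x-" prefix; browsers honour the spellings below.
REQUIRED_SECURITY_HEADERS = (
    "strict-transport-security",
    "x-frame-options",
    "x-xss-protection",
    "content-security-policy",
    "referrer-policy",
)
VALID_SAME_SITE = ("strict", "lax", "none")

# Constructed response, not captured from a real instance. Only PHPSESSID is
# a real (PHP default) cookie name; the other two names are made up.
SAMPLE_RESPONSE_HEADERS: List[Tuple[str, str]] = [
    ("Content-Type", "text/html; charset=UTF-8"),
    ("Set-Cookie", "PHPSESSID=abc123; Path=/"),                     # no SameSite, no Secure
    ("Set-Cookie", "remember_me=1; Path=/; SameSite=None"),         # None without Secure
    ("Set-Cookie", "app_theme=dark; Path=/; Secure; SameSite=Lax"),  # compliant
    ("X-Frame-Options", "SAMEORIGIN"),
]


@dataclass
class CookieAudit:
    name: str
    same_site: Optional[str]
    secure: bool
    findings: List[str]


def _parse_set_cookie(value: str) -> Tuple[str, Dict[str, str], Set[str]]:
    """Split 'name=val; Attr=x; Flag' into (name, {attr: x}, {flag})."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0].strip()
    attrs: Dict[str, str] = {}
    flags: Set[str] = set()
    for part in parts[1:]:
        if "=" in part:
            key, val = part.split("=", 1)
            attrs[key.strip().lower()] = val.strip()
        else:
            flags.add(part.lower())
    return name, attrs, flags


def audit_cookie(value: str, https: bool = True) -> CookieAudit:
    """Flag the SameSite/Secure combinations modern browsers warn about."""
    name, attrs, flags = _parse_set_cookie(value)
    same_site = attrs.get("samesite")
    secure = "secure" in flags
    findings: List[str] = []
    if same_site is None:
        findings.append("missing SameSite attribute (browser falls back to Lax)")
    else:
        ss = same_site.lower()
        if ss not in VALID_SAME_SITE:
            findings.append(f"invalid SameSite value {same_site!r}")
        if ss not in ("strict", "lax") and not secure:
            findings.append("SameSite=None (or invalid) without Secure; browser rejects the cookie")
    if https and not secure:
        findings.append("set over HTTPS but missing Secure")
    return CookieAudit(name, same_site, secure, findings)


def audit_response(headers: List[Tuple[str, str]], https: bool = True) -> dict:
    """Audit every Set-Cookie and list which required security headers are absent."""
    cookies = [audit_cookie(v, https) for k, v in headers if k.lower() == "set-cookie"]
    present = {k.lower() for k, _ in headers}
    missing = sorted(h for h in REQUIRED_SECURITY_HEADERS if h not in present)
    return {"cookies": cookies, "missing_headers": missing}


def harden_set_cookie(value: str, default_same_site: str = "Lax") -> str:
    """Rewrite one Set-Cookie header the way a reverse proxy would, adding the
    attributes the audit looks for without touching the cookie's own value."""
    _, attrs, flags = _parse_set_cookie(value)
    out = value.rstrip("; ")
    if "samesite" not in attrs:
        out += f"; SameSite={default_same_site}"
    if "secure" not in flags:
        out += "; Secure"
    return out


if __name__ == "__main__":
    report = audit_response(SAMPLE_RESPONSE_HEADERS)
    for cookie in report["cookies"]:
        print(cookie.name, "->", cookie.findings or "ok")
    print("missing headers:", report["missing_headers"])
    print("hardened:", harden_set_cookie("PHPSESSID=abc123; Path=/"))
```

Run against a real deployment by feeding it the header list from a captured response (for example from the browser's network panel); `harden_set_cookie` shows the shape of the rewrite, whether it is applied in the application's session settings or as a header edit in the web server in front of it.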

Labels

  • Area: Environment (Issues & PRs related to the application environment)
  • Priority: Important (Issues & PRs that are important; broken functions, errors - there are workarounds)
  • Type: Bug (Bugs within the core SuiteCRM codebase)