I am working on my headers for a couple of deployed applications. I attach a "Set-Cookie" attribute to a response from my server to my client (2 separate hosted domains). I see the Set-Cookie coming back in the Network response. It works fine locally; however, I get an error attached to the "Set-Cookie" attribute ⚠️ saying:
The Set-Cookie didn't specify a "SameSite" attribute and was defaulted to "SameSite=Lax" and was blocked because it came from a cross-site response which was not the response to a top-level navigation. The Set-Cookie has to have been set with "SameSite=None" to enable cross-site usage.
I have tried a few different syntaxes to achieve this, and have failed so far... https://github.com/VolksRat71/NOT_SUPREME/blob/master/backend/src/resolvers/Mutation.js#L111-L115
So far I have tried...
sameSite: "None"
>> option sameSite is invalid
SameSite: "None"
>> defaulted to "SameSite=Lax"
"SameSite" : "None"
>> defaulted to "SameSite=Lax"
"Same-Site" : "None"
>> defaulted to "SameSite=Lax"
"SameSite" : "none"
>> defaulted to "SameSite=Lax"
The version of Express in your package-lock.json file is Express v4.16.3. The "none" value for the sameSite option was added in Express v4.17.0.
You can delete your package-lock.json file and then re-run the npm installation with npm i - that will generate an up-to-date npm lockfile and it should have the latest version of Express.
You can then test and see if the sameSite option works. The option is spelled as sameSite (camelcase) and the value is 'none' (lowercase).
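An added example, not code from the question's repository or from the answer: it shows the Express version gate and option spelling described above, plus a small audit of Set-Cookie header values that reproduces the browser's decision. The helper names, the cookie name `token`, and the sample headers are assumptions made for illustration; the `secure: true` setting reflects the browser rule that SameSite=None cookies must also carry Secure.

```javascript
// Added example: hypothetical helpers, not the project's own code.

// Express accepts sameSite: 'none' from v4.17.0 on (per the answer above).
function supportsSameSiteNone(expressVersion) {
  const [major, minor] = expressVersion.split('.').map(Number);
  return major > 4 || (major === 4 && minor >= 17);
}

// Options for res.cookie() when client and server are on different sites.
// Browsers reject SameSite=None cookies without Secure, so serve over HTTPS.
const crossSiteCookieOptions = {
  httpOnly: true,
  secure: true,
  sameSite: 'none', // camelCase key, lowercase value
  maxAge: 1000 * 60 * 60 * 24, // one day (constructed value)
};
// Usage inside a handler: res.cookie('token', value, crossSiteCookieOptions);

// Parse one Set-Cookie header value and report why a browser would
// refuse to store it from a cross-site (non-navigation) response.
function auditSetCookie(header) {
  const attrs = new Map();
  for (const part of header.split(';').slice(1)) {
    const [name, ...rest] = part.trim().split('=');
    if (name) attrs.set(name.toLowerCase(), rest.join('=').trim().toLowerCase());
  }
  const problems = [];
  const sameSite = attrs.get('samesite');
  if (sameSite === undefined) {
    problems.push('no SameSite attribute: browser defaults to Lax');
  } else if (sameSite !== 'none') {
    problems.push(`SameSite=${sameSite} blocks cross-site use`);
  } else if (!attrs.has('secure')) {
    problems.push('SameSite=None requires Secure');
  }
  return problems;
}

// Constructed sample headers.
const samples = [
  'token=abc; Path=/; HttpOnly',
  'token=abc; Path=/; HttpOnly; SameSite=None',
  'token=abc; Path=/; HttpOnly; Secure; SameSite=None',
];
for (const h of samples) console.log(h, '->', auditSetCookie(h));
```

An empty array from `auditSetCookie` means the header carries both attributes a browser needs before it will store the cookie from a cross-site response.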