Error attached to the "Set-Cookie" attribute ⚠️

Question

I am working on my headers for a couple of deployed applications, I attach a "Set-Cookie" attribute to a response from my server to my client (2 separate hosted domains). I see the Set-Cookie coming back in the Network response. It works fine locally, however, I get an error attached to the "Set-Cookie" attribute ⚠️ saying.

The Set-Cookie didn't specify a "SameSite" attribute and was defaulted to "SameSite=Lax" and was blocked because it came from a cross-site response which was not the response to a top-level navigation. The Set-Cookie has to have been set with "SameSite=None" to enable cross-site usage

I have tried a few different syntaxes to achieve this, and have failed so far... https://github.com/VolksRat71/NOT_SUPREME/blob/master/backend/src/resolvers/Mutation.js#L111-L115

So far I have tried...

sameSite: "None"
>> option sameSite is invalid

SameSite: "None"
>> defaulted to "SameSite=Lax"

"SameSite" : "None"
>> defaulted to "SameSite=Lax"

"Same-Site" : "None"
>> defaulted to "SameSite=Lax"

"SameSite" : "none"
>> defaulted to "SameSite=Lax"

Picture of Header in Frontend Deployed App

Asjas · Accepted Answer · 2021-01-10T19:36:51.507

3

The version of Express in your package-lock.json file is Express v4.16.3. The "none" value for the sameSite option was added in Express v4.17.0.

You can delete your package-lock.json file and then re-run the npm installation with npm i - that will generate an up-to-date npm lockfile and it should have the latest version of Express.

You can then test and see if the sameSite option works. The option is spelled as sameSite (camelcase) and the value is 'none' (lowercase).

edited Jan 10 '21 at 19:36

answered Jan 10 '21 at 19:26

Asjas

1,362
1
11
16

1

You are the best! I finally after HOURS have a function application. – VolksRat71 Jan 10 '21 at 20:11

Error attached to the "Set-Cookie" attribute ⚠️

1 Answers1

Linked