I'm getting the following warning in the browser console:
Cookie “mycookie” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite
I want to have the cookie sent in each call on the server in production at the main domain at example.com. But I'd also like to be able to test on localhost:3000.
How do I need to address this?
Here is my test setup:
const express = require('express');
const cookieParser = require('cookie-parser');
const app = express();
app.use(cookieParser('cookie-signing-secret')); // signed: true needs a secret configured here (placeholder value)
app.get('/', (request, response) => {
  const cookieOptions = {
    maxAge: 1000 * 60 * 15, // expire after 15 minutes
    httpOnly: false, // false: readable from JavaScript via document.cookie; true would restrict it to the web server
    signed: true // if the cookie should be signed
  };
  var myvalue = "abc";
  response.cookie('mycookie', myvalue, cookieOptions);
  response.send('cookie set');
});
I read this article, but it doesn't say anything about settings for localhost.
Although, I might be misunderstanding.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#samesitesamesite-value
That is, I don't list the domain but list the policy setting, in which case Strict will work when testing on localhost or in production.
Although, setting SameSite on node js seems to have no effect.
Update: it seems using sameSite works while SameSite does not. MDN shows examples using SameSite.
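The following is an added example, not code from the question above or from Express itself. It builds the Set-Cookie header value that the camelCase options of Express's res.cookie (sameSite, secure, httpOnly, maxAge, domain, path) map to, so you can see exactly what the browser receives in a production configuration for example.com versus a local http://localhost:3000 setup. The buildSetCookie and cookieOptionsFor helpers, the option-to-attribute mapping and the deliberate check that SameSite=None is only emitted together with Secure are all assumptions of this example; they mimic Express's behaviour for illustration rather than calling Express.

```javascript
// Added example: maps Express-style (camelCase) cookie options to a Set-Cookie
// header value. Helper names and the rejection of sameSite=none without secure
// are this example's own choices, not Express API.

function buildSetCookie(name, value, opts = {}) {
  const parts = [`${name}=${encodeURIComponent(value)}`];

  // Express takes maxAge in milliseconds; the header attribute is in seconds.
  if (opts.maxAge !== undefined) {
    parts.push(`Max-Age=${Math.floor(opts.maxAge / 1000)}`);
  }
  // A Domain attribute is only valid for a host the response actually came from;
  // on localhost it is simply left out so the cookie is host-only.
  if (opts.domain) parts.push(`Domain=${opts.domain}`);
  parts.push(`Path=${opts.path || '/'}`);
  if (opts.httpOnly) parts.push('HttpOnly');
  if (opts.secure) parts.push('Secure');

  if (opts.sameSite !== undefined) {
    // true means Strict, otherwise the string is normalised to the header spelling.
    const allowed = { true: 'Strict', strict: 'Strict', lax: 'Lax', none: 'None' };
    const key = opts.sameSite === true ? 'true' : String(opts.sameSite).toLowerCase();
    const attr = allowed[key];
    if (!attr) {
      throw new TypeError(`invalid sameSite value: ${opts.sameSite}`);
    }
    // Browsers reject SameSite=None unless the cookie is also Secure, so this
    // example refuses to build such a header instead of silently emitting it.
    if (attr === 'None' && !opts.secure) {
      throw new Error('sameSite: "none" requires secure: true');
    }
    parts.push(`SameSite=${attr}`);
  }
  return parts.join('; ');
}

// Option sets for the two environments described in the question.
function cookieOptionsFor(env) {
  const base = {
    maxAge: 15 * 60 * 1000, // 15 minutes
    httpOnly: true,         // keep the cookie away from document.cookie
    sameSite: 'lax',        // explicit value, so the browser warning goes away
    path: '/',
  };
  if (env === 'production') {
    // Served over https at example.com: Secure is fine and Domain is valid.
    return { ...base, secure: true, domain: 'example.com' };
  }
  // localhost:3000 over plain http: no Secure, no Domain attribute.
  return base;
}

// Stand-alone demonstration of what each environment sends.
function demo() {
  return {
    production: buildSetCookie('mycookie', 'abc', cookieOptionsFor('production')),
    development: buildSetCookie('mycookie', 'abc', cookieOptionsFor('development')),
  };
}

console.log(demo());
```

The two header strings differ only in the Domain and Secure attributes; the SameSite attribute itself is the same in both places, which is why a single explicit sameSite value is enough to work on localhost and in production.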