Possibility of setting SameSite attribute on Divolte's Cookie

[vamsiikrishna]

Hi.

I wanted to start a discussion regarding the SameSite attribute.
currently the Cookie that is set by Divolte is without SameSite attribute, it defaults to SameSite=Lax, which is preventing the cookie being sent in a cross-site request.

Options suggested by Chrome developer tools:

Resolve this issue by updating the attributes of the cookie:

-- > Specify SameSite=None and Secure if the cookie should be sent in cross-site requests. This enables third-party use.
--> Specify SameSite=Strict or SameSite=Lax if the cookie should not be sent in cross-site requests.

is it possible to consider allowing the user to configure the SameSite behaviour ?

Thank you.

[barendlinders]

+1 for this kind of behaviour. I was just about to ask something similar.

We are currently getting Firefox warnings:
_Cookie "dvp" will be soon rejected because it has the "SameSite" attribute set to "None" or an invalid value, without the "secure" attribute. To know more about the "SameSite" attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite

and as such we would love the cookieString in divolte.js to include the SameSite=None; Secure part, but I understand that this might not be ideal for all users, so configuration is most likely preferable.