diff --git a/pkg/app/server/httpapi/auth_handler.go b/pkg/app/server/httpapi/auth_handler.go
index 34fd584371..34823be36a 100644
--- a/pkg/app/server/httpapi/auth_handler.go
+++ b/pkg/app/server/httpapi/auth_handler.go
@@ -146,7 +146,7 @@ func makeTokenCookie(value string, secure bool) *http.Cookie {
 Path: rootPath,
 Secure: secure,
 HttpOnly: true,
- SameSite: http.SameSiteLaxMode,
+ SameSite: http.SameSiteStrictMode,
 }
 }
@@ -158,7 +158,7 @@ func makeExpiredTokenCookie(secure bool) *http.Cookie {
 Path: rootPath,
 Secure: secure,
 HttpOnly: true,
- SameSite: http.SameSiteLaxMode,
+ SameSite: http.SameSiteStrictMode,
 }
 }
@@ -170,7 +170,7 @@ func makeStateCookie(value string, secure bool) *http.Cookie {
 Path: rootPath,
 Secure: secure,
 HttpOnly: true,
- SameSite: http.SameSiteLaxMode,
+ SameSite: http.SameSiteStrictMode,
 }
 }
@@ -182,7 +182,7 @@ func makeExpiredStateCookie(secure bool) *http.Cookie {
 Path: rootPath,
 Secure: secure,
 HttpOnly: true,
- SameSite: http.SameSiteLaxMode,
+ SameSite: http.SameSiteStrictMode,
 }
 }
@@ -194,6 +194,6 @@ func makeErrorCookie(value string, secure bool) *http.Cookie {
 Path: rootPath,
 Secure: secure,
 HttpOnly: false,
- SameSite: http.SameSiteLaxMode,
+ SameSite: http.SameSiteStrictMode,
 }
 }
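Review bot: `SameSite: http.SameSiteStrictMode` in makeTokenCookie, and again in makeStateCookie, makes the browser withhold the cookie on any navigation that starts from another site, which includes the redirect back from an external login provider. If the state cookie is compared with a `state` parameter in a callback handler (not visible in this diff, so this is inferred from the name), that check would find no cookie and reject every login. The state pair should probably stay on `SameSite: http.SameSiteLaxMode,` with a comment such as `// Lax: the provider's redirect to the callback is a cross-site top-level navigation and must carry this cookie.` For the token cookie, Strict also means a user who follows a link from another site arrives unauthenticated on the first request, so it is worth confirming the front end handles that. All five function bodies start outside their hunks, so the cookie names and lifetimes could not be checked.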
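Review bot: makeErrorCookie is the only constructor here with `HttpOnly: false`, and nothing visible in the hunk says why. Presumably a front-end script reads the value to display a login error; if so, a comment on that field would keep a later cleanup from either flipping it or reusing the constructor for something sensitive, for example `// HttpOnly is false so the login page can read and show the message; value must never contain tokens or internal error detail.` The function body starts outside the hunk, so how `value` is built and encoded is not visible.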