I get a warning that my cookie has no proper SameSite attribute value:
However, it’s not defined as an option in discourse/app/assets/javascripts/discourse/app/lib/cookie.js at 39aa70d7cbb356edc4d583348313e3ed264965d0 · discourse/discourse · GitHub. Should it be added?
Is there any function in the current version of discourse to set the SameSite attribute? I’m finding older posts indicating it used to be in the settings, but I can’t find it in settings now.
Thanks!
Steve
Hi Stephen, Discourse sets all cookies to SameSite=lax. So you don’t need to do anything 
The issue in the original post by @nolo was fixed back in April by this commit.
It is technically possible to vary the SameSite value of server-set cookies by changing the hidden same_site_cookies setting via the console. But we strongly advise against it - picking other values will either cause functional issues or security issues.
