Google recently changed their cookie policies (Chrome's Changes Could Break Your App: Prepare for SameSite Cookie Updates | Heroku). Basically all cookies which come from another top-level domain must have the attribute “secure: true” (which is the case), plus “sameSite=None”.
“same site cookies” with the options: “Lax”, “Strict”, “Disabled”.
The first two will be directly forwarded as values of the “SameSite” parameter in the cookie. “Disabled” does not set a value at all.
Now the problem is that we need to pass a value “None” into the cookie. Only with “None” will the cookie be transferred to the other (non-same top-level-domain) site.
However, there’s no value “None” which I can select in Discourse - but we desperately need it to make our Discourse forum API work.
It should be no big hassle to implement an additional value “None” in the same_site cookie.
Can someone please have a look?
Thanks in advance!
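Added illustration, not part of the original post and not Discourse's own code: a Ruby sketch of how the four options discussed above would map onto a `Set-Cookie` header, plus a check that reports why a given header would not accompany cross-site API requests. The helper names `build_set_cookie` and `cross_site_issues`, the `Path` and `HttpOnly` attributes, and the sample cookie are assumptions made for the example.

```ruby
# Added example, not Discourse code. Option names follow the post; "None" is the
# requested addition. Helper names and the sample cookie are constructed.
SAME_SITE_ATTR = {
  "Lax" => "Lax",
  "Strict" => "Strict",
  "None" => "None",
  "Disabled" => nil # emit no SameSite attribute at all
}.freeze

# Build a Set-Cookie header value from the selected option.
def build_set_cookie(name, value, same_site:, secure:)
  unless SAME_SITE_ATTR.key?(same_site)
    raise ArgumentError, "unknown same_site option: #{same_site.inspect}"
  end
  attr = SAME_SITE_ATTR[same_site]
  # Browsers reject SameSite=None cookies that lack Secure, so fail early.
  raise ArgumentError, "SameSite=None requires Secure" if attr == "None" && !secure

  parts = ["#{name}=#{value}", "Path=/", "HttpOnly"]
  parts << "Secure" if secure
  parts << "SameSite=#{attr}" if attr
  parts.join("; ")
end

# Report why a Set-Cookie header would not accompany cross-site API requests.
def cross_site_issues(header)
  attrs = header.split(";").drop(1).map(&:strip).reject(&:empty?)
  pairs = attrs.map { |a| a.split("=", 2) }
  secure = pairs.any? { |k, _| k.casecmp?("secure") }
  same_site = (pairs.find { |k, _| k.casecmp?("samesite") } || [])[1].to_s.downcase

  case same_site
  when "" then ["no SameSite attribute: browser defaults to Lax"]
  when "lax", "strict"
    ["SameSite=#{same_site.capitalize}: not sent with cross-site API requests"]
  when "none" then secure ? [] : ["SameSite=None without Secure: cookie rejected"]
  else ["unrecognized SameSite value: #{same_site}"]
  end
end

# Print the header each option produces and any cross-site issue it carries.
%w[Lax Strict Disabled None].each do |opt|
  header = build_set_cookie("session", "abc123", same_site: opt, secure: true)
  puts "#{opt.ljust(8)} #{header}"
  cross_site_issues(header).each { |issue| puts "         ! #{issue}" }
end
```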