Why am I getting "Indicate whether to send a cookie in a cross-site request by specifying its SameSite attribute"?

Squirrl picture Squirrl · Aug 5, 2020 · Viewed 9k times · Source

In a Chrome warning it says "Specify SameSite=None and Secure if the cookie should be sent in cross-site requests. This enables third-party use." How do I do this correctly using express-session?

app.use(
  cors({
    credentials: true,
    origin: ["http://localhost:3000", "https://elated-jackson-28b73e.netlify.app"] //Swap this with the client url 
  })
);
var sess = {
  secret: 'keyboard cat',
  cookie: {}
}

if (app.get('env') === 'production') {
  app.set('trust proxy', 1) // trust first proxy
  sess.cookie.secure = true // serve secure cookies
  sess.cookie.sameSite = 'none'
}

app.use(session(sess))

Answer