From ca0c2877b5bb6f22c26755231750aef944d47995 Mon Sep 17 00:00:00 2001 From: Peter Maquiran Date: Tue, 21 Apr 2026 20:34:46 +0100 Subject: [PATCH] set sameSite to none --- app/api/auth/callback/route.ts | 2 +- app/api/auth/refresh/route.ts | 4 ++-- app/api/session/route.ts | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/app/api/auth/callback/route.ts b/app/api/auth/callback/route.ts index 86fa8a6..a8b316d 100644 --- a/app/api/auth/callback/route.ts +++ b/app/api/auth/callback/route.ts @@ -49,7 +49,7 @@ export async function GET(req: Request) { res.cookies.set("access_token", data.access_token, { httpOnly: true, secure: isHttps, - sameSite: "lax", + sameSite: "none", path: "/", maxAge: data.expires_in, ...(BASE_URL ? { BASE_URL } : {}), diff --git a/app/api/auth/refresh/route.ts b/app/api/auth/refresh/route.ts index 1aa0212..8f0eae7 100644 --- a/app/api/auth/refresh/route.ts +++ b/app/api/auth/refresh/route.ts @@ -35,7 +35,7 @@ export async function GET(req: Request) { response.cookies.set("access_token", data.access_token, { httpOnly: true, secure: isHttps, - sameSite: "lax", + sameSite: "none", path: "/", ...(env.COOKIE_DOMAIN ? { domain: env.COOKIE_DOMAIN } : {}), maxAge: data.expires_in, @@ -44,7 +44,7 @@ export async function GET(req: Request) { response.cookies.set("refresh_token", data.refresh_token, { httpOnly: true, secure: isHttps, - sameSite: "lax", + sameSite: "none", path: "/", ...(env.COOKIE_DOMAIN ? { domain: env.COOKIE_DOMAIN } : {}), maxAge: data.expires_in, diff --git a/app/api/session/route.ts b/app/api/session/route.ts index e1d1596..dbd93b8 100644 --- a/app/api/session/route.ts +++ b/app/api/session/route.ts @@ -8,7 +8,7 @@ export async function POST(req: Request) { res.cookies.set("auth_token", token, { httpOnly: true, secure: true, - sameSite: "lax", + sameSite: "none", path: "/", });