So for the Laravel session and XSRF Token cookies we should use SameSite="Strict at config/session.php? How would we implement this and only have this apply for these two cookies I am now getting warnings for?
cookie `host-name_staging_session` will be soon rejected because it has
the “sameSite” attribute set to “none” or an invalid value, without the “secure” attribute. To know more about the “sameSite“ attribute, read
https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite 1748
So for the Laravel session and XSRF Token cookies we should use
SameSite="Strict
atconfig/session.php
? How would we implement this and only have this apply for these two cookies I am now getting warnings for?I'd suggest
Lax
for your session cookie, notStrict
.