Note in the latest v5.8.1 on MyGet it will use reflection to set the SameSite cookie in .NET v4.7.2+ from ServiceStack’s net45 builds.
One thing you can try is override ASP.NET’s Cookie APIs which isn’t advisable but may work, you can try overriding SetCookieFilter() in your AppHost and basically return false everytime to prevent ServiceStack from using ASP.NET’s Cookie APIs to set it, then try set it manually, something like:
public override bool SetCookieFilter(IRequest req, Cookie cookie)
{
if (!base.SetCookieFilter(req, cookie))
return false;
var cookieStr = cookie.AsHeaderValue();
if (cookieStr.IndexOf("SameSite=", StringComparison.OrdinalIgnoreCase) < 0)
{
cookieStr += ";SameSite="+(Config.UseSameSiteCookies ? "Strict":"None");
}
req.Response.AddHeader("Set-Cookie", cookieStr);
return false;
}
But it’s a hack I wouldn’t recommend using, upgrade .NET Framework to v4.7.2 instead. Also note to send None SameSite cookies you need to be over a secure connection (https) and you need to use Secure Cookies, i.e:
SetConfig(new HostConfig {
UseSecureCookies = true,
});