Serving Cookies where front and back end different domains

I am getting the following message in Chrome:
“A cookie associated with a cross-site resource at was set without the SameSite attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with SameSite=None and Secure.”

My set up is as follows
The API is hosted on a different domain than the VueJS client.

Here is the config on the ServiceStack side:

public override void Configure(Container container)

            SetConfig(new HostConfig
                UseSameSiteCookies = false,
                UseSecureCookies = true,
                DebugMode = AppSettings.Get("DebugMode", false),
                UseCamelCase = true

Please let me know how I can serve SameSite=None and Secure cookies?

Many thanks for a great product.

Here is the cookie info.

ss-id cookie e.g. set to domain of API.

You can configure how cookies are set in .NET Framework by overriding void HttpCookieFilter(HttpCookie cookie) in your AppHost or in .NET Core by overriding CookieOptionsFilter() in your AppHost, e.g:

public override void CookieOptionsFilter(Cookie cookie, CookieOptions cookieOptions)
    cookieOptions.SameSite = SameSiteMode.None;

I’ve also just updated this in this commit so in ASP.NET Core it automatically populates SameSite with None if UseSameSiteCookies == false which is now available from v5.8.1 on MyGet.

1 Like

Yip thanks. All good!