Well, I’m certainly not an expert, but the case I have here at hand is embedding in an iframe. Piecing together from web.dev: SameSite cookie recipes
Any cookies used by that site will be considered as third-party cookies when the site is displayed within the frame.
For cookies needed in a third-party context, you will need to ensure they are marked as
SameSite=None; Secure .
Configuring my Chrome browser to impose the new rules, I can’t see HAproxie’s cookie any more for that specific use case.
I do not intent to require changing the default setting of this cookie – I’m just wondering about a way to configure it. Regarding HTTP/HTTPS, I am aware about a
secure setting for the haproxy cookie and I assume this is exactly for that. I am asking if there is a similar way to set “SameSite”, e.g.
samesite : strict|lax|none.