If a cookie is needed to be sent cross-origin, opt out of the SameSite restriction using the None directive. The None directive requires the Secure attribute.
In order to have the desired behavior of SameSite = None, we have to set the Secure attribute.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#Secure
In order to have the desired behavior of
SameSite = None
, we have to set the Secure attribute.