jaliss / securesocial

A module that provides OAuth, OAuth2 and OpenID authentication for Play Framework applications
http://www.securesocial.ws
Apache License 2.0

Add cookie SameSite #616

Closed gmethvin closed 6 years ago

gmethvin commented 6 years ago

We should have a way to set the SameSite attribute of the SecureSocial cookie, since SameSite is supported in Play 2.6. I think it makes sense to set it to Lax by default, like the Play session cookie.

jaliss commented 6 years ago

@gmethvin I added a new config setting to support this and defaulted to Lax as you suggested. Latest master-snapshot has the changes. If you try it out, let me know if you see issues. Thanks!