We got an email from Auth0 warning us about upcoming changes to cookies' behavior in browsers. These changes would cause our iframes to break.
Starting soonish, cookies will not be sent to the server when SameSite is None and the cookie is not Secure.
So, in order for our cookies to work we need:
- in production: Secure cookies (we already have this) and SameSite None (the latter because other values would break iframes embedded in sites not our own)
- in development: Insecure cookies (not really a requirement, but then we'd have to set up development over HTTPS, which is a huge pain) and SameSite Lax (that way cookies will be sent to the dev server)
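
The two settings above as an added sketch, not the project's own code: it picks the cookie attributes per environment and includes a check for the SameSite=None-without-Secure combination that browsers will stop sending. The function names, the `session` cookie name and the sample values are assumptions made for illustration.

```javascript
// Added example; cookieAttributes, serializeCookie and wouldBeRejected are hypothetical names.

// Attributes per environment, following the two cases listed above.
function cookieAttributes(env) {
  return env === 'production'
    ? { secure: true, sameSite: 'None' }   // HTTPS only, still sent inside iframes on other sites
    : { secure: false, sameSite: 'Lax' };  // plain-HTTP dev server still receives the cookie
}

// Build the Set-Cookie header value from a name, a value and the chosen attributes.
function serializeCookie(name, value, attrs) {
  const parts = [`${name}=${encodeURIComponent(value)}`, `SameSite=${attrs.sameSite}`];
  if (attrs.secure) parts.push('Secure');
  return parts.join('; ');
}

// Parse a Set-Cookie header value and report the combination that will be
// dropped: SameSite=None without Secure. Attribute names are case-insensitive.
function wouldBeRejected(setCookie) {
  const attrs = setCookie
    .split(';')
    .slice(1)                                   // skip the name=value pair
    .map(a => a.trim().toLowerCase().replace(/\s*=\s*/, '='));
  const sameSiteNone = attrs.includes('samesite=none');
  const secure = attrs.includes('secure');
  return sameSiteNone && !secure;
}

// Constructed sample headers: one per environment plus the broken combination.
const samples = [
  serializeCookie('session', 'abc', cookieAttributes('production')),
  serializeCookie('session', 'abc', cookieAttributes('development')),
  'session=abc; SameSite=None',
];
for (const header of samples) {
  console.log(`${wouldBeRejected(header) ? 'REJECTED' : 'ok      '}  ${header}`);
}
```

A check like `wouldBeRejected` can run in a test over the `Set-Cookie` headers of real responses, so a development-style insecure cookie combined with SameSite None is caught before it ships.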