The SameSite cookie attribute is being rapidly adopted across browsers, and it backwards compatible.
For cross-site integration purposes, this likely needs to be a config.php level toggle.
Same-site cookies ("First-Party-Only" or "First-Party") allow servers to mitigate the risk of CSRF and information leakage attacks by asserting that a particular cookie should only be sent with requests initiated from the same registrable domain.
For cross-site integration purposes, this likely needs to be a config.php level toggle.
Upvote
19