A cookie associated with a cross-site resource at http://tetris-back-end.herokuapp.com/ was set without the `SameSite` attribute.
I get that error when I try and set a cookie on the front end. Here's how my cookie is being set on the back end:
```ts
const sessionOptions: Options = {
  store: new RedisStore({
    client: redis as any,
  }),
  name: "qid",
  secret: String(process.env.SECRET),
  resave: false,
  saveUninitialized: false,
  cookie: {
    httpOnly: process.env.NODE_ENV === "development",
    secure: process.env.NODE_ENV === "production",
    sameSite: "none",
    maxAge: 1000 * 60 * 60 * 24 * 7 * 365, // 7 years
  },
};
```
So the same site is being set to none, but I'm still getting that error.
I did some poking around and consoled my node env in my start message.
```ts
app.listen(process.env.PORT, () => {
  console.log(message, `NODE ENV: ${process.env.NODE_ENV} `);
});
```
It prints `development` locally and `production` in Heroku logs.
When I set a cookie locally it works, but I get an error:
A cookie associated with a resource at http://localhost/ was set with `SameSite=None` but without `Secure`. A future release of Chrome will only deliver cookies marked `SameSite=None` if they are also marked `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5633521622188032.
So locally it's the same code (I'm on master and it's all synced up). It works when I do it, but since `NODE_ENV === "development"` it sets secure to false.
The important thing I think here is that it DOES see that I've set SameSite=None locally, but it is NOT picking that up in production.
Why would the same site attribute be recognized locally as being set, but not on production build???
Any help would be tremendous! Thanks!
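
A small checker, added here as an example and not part of the original post, that classifies a raw `Set-Cookie` header against the two Chrome messages quoted above, so the header the production server actually sends can be compared with the local one. The function names are hypothetical and the sample headers are constructed.

```javascript
// Added example: helper names are hypothetical, sample headers are constructed.

// Split one Set-Cookie header value into its name and a map of attributes.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((part) => part.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const attr of rest) {
    if (!attr) continue; // tolerate a trailing ";"
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : attr.slice(i + 1);
  }
  return cookie;
}

// Map the header onto the two Chrome messages quoted in the post.
function crossSiteVerdict(header) {
  const { name, attrs } = parseSetCookie(header);
  const sameSite =
    typeof attrs.samesite === "string" ? attrs.samesite.toLowerCase() : null;
  const secure = attrs.secure === true;
  if (sameSite === null) return { name, verdict: "missing-samesite" };
  if (sameSite === "none" && !secure) return { name, verdict: "none-without-secure" };
  if (sameSite === "none") return { name, verdict: "ok-cross-site" };
  return { name, verdict: "same-site-only" };
}

// Constructed sample headers (not captured from the poster's app).
const samples = [
  "qid=s%3Aabc.def; Path=/; Expires=Thu, 01 Jan 2026 00:00:00 GMT; HttpOnly; SameSite=None",
  "qid=s%3Aabc.def; Path=/; Secure; SameSite=None",
  "other=1; Path=/",
  "pref=dark; Path=/; SameSite=Lax;",
];

for (const header of samples) {
  const { name, verdict } = crossSiteVerdict(header);
  console.log(`${name}: ${verdict}`);
}
```

Passing the `Set-Cookie` value shown in the browser's Network tab for the Heroku response to `crossSiteVerdict` shows which of the two cases the production header falls into.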