SameSite=None requires Secure=true per browser spec. When running over plain HTTP (local dev, e2e tests), browsers reject or downgrade the cookie, breaking session refresh. Fall back to SameSite=Lax for HTTP while keeping SameSite=None for HTTPS (needed for the Electron desktop app cross-origin scenario). |
||
|---|---|---|
| .. | ||
| auth | ||
| avatar | ||
| background | ||
| dump | ||
| keyvalue | ||
| migration | ||