
hryb0 (hryb0) asked a question.
The react app I've been working has been pen tested recently. One of the items that came up was the recommendation that cookies should have SameSite set to "Lax" as a minimum.
The only cookies in our react app are the following from Okta:
- okta-oauth-nonce
- okta-oauth-redirect-params
- okta-oauth-state
These all have SameSite set to "None".
Is there a way to configure the SameSite value for these cookies?
Thanks,
Jaimie

I found a solution that I'm adding in case anyone else finds this question.
In the configuration object that is passed to the OktaAuth object from okta-auth-js, I added the following:
cookies: {
sameSite: "lax"
}
This meant that the okta-oauth-* cookies had their SameSite property set to Lax