From b352999dd1a0562381ac24e79b71a75c6dc110c6 Mon Sep 17 00:00:00 2001
From: Paulo Margarido
Date: Tue, 9 Feb 2021 15:00:46 -0500
Subject: [PATCH] Set OAuth cookies SameSite to lax
---
 src/auth/oauth/oauth.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/auth/oauth/oauth.ts b/src/auth/oauth/oauth.ts
index 6c9098724..d92a9a6f4 100644
--- a/src/auth/oauth/oauth.ts
+++ b/src/auth/oauth/oauth.ts
@@ -63,7 +63,7 @@ const ShopifyOAuth = {
 cookies.set(ShopifyOAuth.SESSION_COOKIE_NAME, session.id, {
 signed: true,
 expires: new Date(Date.now() + 60000),
- sameSite: 'none',
+ sameSite: 'lax',
 secure: true,
 });
@@ -173,7 +173,7 @@ const ShopifyOAuth = {
 cookies.set(ShopifyOAuth.SESSION_COOKIE_NAME, currentSession.id, {
 signed: true,
 expires: oauthSessionExpiration,
- sameSite: 'none',
+ sameSite: 'lax',
 secure: true,
 });
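Review bot: Neither `cookies.set` call (the hunk at +63 and the one at +173) records why `'lax'` is the chosen SameSite value, so a later edit could switch it to `'strict'` or back to `'none'` without seeing the trade-off. I would add above each `sameSite` line something like `// Lax: the OAuth callback presumably arrives as a cross-site top-level GET, which Strict would drop; None would also attach the cookie to cross-site subrequests.` The two option objects now differ only in `expires`, so a small shared helper that takes the expiry would keep the `signed`/`sameSite`/`secure` policy from drifting between the two sites. The second cookie uses `oauthSessionExpiration` rather than the 60-second window; if anything reads it from inside a cross-site iframe, Lax will withhold it, and that is worth confirming against the callers, which are not visible here. Both enclosing functions start and end outside the hunks.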