{"id":20,"hash":"ece38928be243428c25a5ad2249de4d2247c236f89e9913447eb85bfbf568c25","pattern":"Cookie has been rejected because it is in a cross-site context","full_message":"Cookie has been rejected because it is in a cross-site context and its SameSite is Lax or Strict.","ecosystem":null,"package_name":null,"package_version":null,"solution":"Browsers block cross-site cookies unless SameSite=None; Secure.\n1. Set cookie with `SameSite=None; Secure` (requires HTTPS).\n2. Express cookie-session: `{ sameSite: 'none', secure: true }`.\n3. Verify the top-level domain and subdomain match when using `Domain=`.\n4. In dev, use HTTPS locally (mkcert) or set the API under the same origin.","confidence":0.88,"source":"mdn","source_url":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#samesite_attribute","votes":27,"created_at":"2026-04-19T03:24:37.001239+00:00","updated_at":"2026-04-19T03:25:24.789231+00:00"}