From fe5aed075fb2fc156f2ef8d9721686b01d009e99 Mon Sep 17 00:00:00 2001
From: Matt <matt@letsbe.solutions>
Date: Thu, 7 Aug 2025 14:10:33 +0200
Subject: [PATCH] fix: update SameSite cookie attribute to 'none' for
 cross-site requests

---
 server/api/auth/direct-login.post.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/api/auth/direct-login.post.ts b/server/api/auth/direct-login.post.ts
index a4c4185..460b429 100644
--- a/server/api/auth/direct-login.post.ts
+++ b/server/api/auth/direct-login.post.ts
@@ -322,7 +322,7 @@ export default defineEventHandler(async (event) => {
       setCookie(event, 'monacousa-session', encrypted, {
         httpOnly: true,
         secure: true,
-        sameSite: 'lax',
+        sameSite: 'none',
         maxAge,
         path: '/',
       });