Diffstat (limited to 'web/web.go')
-rw-r--r--web/web.go3
1 files changed, 2 insertions, 1 deletions
diff --git a/web/web.go b/web/web.go
index ffec8b9..d8dd832 100644
--- a/web/web.go
+++ b/web/web.go
@@ -373,7 +373,8 @@ func CSRFMiddleware(next http.Handler) http.Handler {
Value: token,
Path: "/",
HttpOnly: false, // accessible by JS
- SameSite: http.SameSiteLaxMode,
+ SameSite: http.SameSiteNoneMode,
+ Secure: false, // Set to true in production with HTTPS
})
} else {
token = cookie.Value
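Review bot: `SameSite: http.SameSiteNoneMode` together with `Secure: false` is a combination current browsers reject, so the CSRF cookie set here is likely to be dropped outright rather than sent cross-site, and any later token comparison would presumably fail for those clients. Moving from Lax to None also removes the browser-side restriction on when this cookie accompanies cross-site requests, leaving the token check as the only CSRF barrier, and the commit does not say which cross-origin use needs that. A hard-coded `false` with a "set to true in production" comment is easy to ship unchanged; I would drive both fields from one deployment setting, e.g. `Secure: secureCookies,` (placeholder name), choosing `http.SameSiteNoneMode` only when that setting is true and keeping `http.SameSiteLaxMode` otherwise. CSRFMiddleware starts before and continues after this hunk, so the request handling and token validation are not visible here.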