RailsでCookieのSameSite属性を指定する
sessionで使うCookieではconfig.session_storeのsame_siteオプションで指定できる
https://www.bokukoko.info/entry/2020/02/03/183328
code:ruby
Rails.application.config.session_store :xxx_store, same_site: :strict
Rails 6.1からはconfig.action_dispatch.cookies_same_site_protectionで指定できるようになるっぽい
https://github.com/rails/rails/commit/cd1aeda0a9dc15f09d7bf1b8b59e2ce07946f031
code:ruby
Rails.application.config.action_dispatch.cookies_same_site_protection = :strict