I have a Laravel 7 application with a Cordova-based webview app as a secondary interface. To support cross-domain requests from the app, I can't use SameSite policies strict or lax.
Apparently Chrome has changed (and temporarily rolled back) the cookie SameSite default value to lax, which means I should set the SameSite policy to none.
But if I set my SameSite policy to none, then older Safari webviews think none means strict, and my app won't work on those devices. Which means I shouldn't set SameSite at all? (Laravel setting null)
What should I do, so I can serve both old Safari and new Chrome browsers? Can Laravel change the SameSite setting dynamically depending on the user agent?
You can detect the UserAgent for the browser, and then don't serve the SameSite setting to the browsers that don't support it.
The Chromium blog has a great article about it https://www.chromium.org/updates/same-site/incompatible-clients
That should cover everything for you! 👍🏻
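
One way to apply the answer's suggestion in Laravel 7, as an added example that is not code from this thread or from Laravel. The class name `SameSiteNoneCompat` is hypothetical, the regular expressions are this example's rendering of the client list on the linked Chromium page, and it assumes the middleware runs ahead of `StartSession` so the session cookie picks up the runtime config value:

```php
<?php
// Added example, not code from the thread or from Laravel itself.
namespace App\Http\Middleware;

use Closure;

class SameSiteNoneCompat // hypothetical class name
{
    public function handle($request, Closure $next)
    {
        $ok = self::supportsSameSiteNone((string) $request->userAgent());
        config([
            // null makes Laravel omit the attribute for clients that mishandle "None".
            'session.same_site' => $ok ? 'none' : null,
            // Browsers only accept SameSite=None on cookies marked Secure.
            'session.secure' => true,
        ]);
        return $next($request);
    }

    public static function supportsSameSiteNone(string $ua): bool
    {
        $chromium = preg_match('/Chrom(?:e|ium)\/(\d+)/', $ua, $c) === 1;
        // Every browser on iOS 12 treats SameSite=None as Strict.
        if (preg_match('/\(iP.+; CPU .*OS (\d+)[_\d]*.*\) AppleWebKit\//', $ua, $m)
            && (int) $m[1] === 12) {
            return false;
        }
        // So do Safari and embedded WebKit views on macOS 10.14.
        if (preg_match('/\(Macintosh;.*Mac OS X (\d+)_(\d+)[_\d]*.*\) AppleWebKit\//', $ua, $m)
            && (int) $m[1] === 10 && (int) $m[2] === 14
            && !$chromium
            && preg_match('/Version\/.* Safari\/|\(KHTML, like Gecko\)$/', $ua)) {
            return false;
        }
        // UC Browser before 12.13.2 rejects cookies that carry SameSite=None.
        if (preg_match('/UCBrowser\/(\d+)\.(\d+)\.(\d+)/', $ua, $m)) {
            return version_compare("$m[1].$m[2].$m[3]", '12.13.2', '>=');
        }
        // Chrome and Chromium 51 through 66 reject them as well.
        return !($chromium && $c[1] >= 51 && $c[1] <= 66);
    }
}
```

The User-Agent header is client-controlled, so this check is a compatibility shim only: a client that spoofs it changes nothing but the SameSite attribute on its own cookies.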