A recent change in Chromium made it mandatory for cookies with SameSite=None to be transfered securely.
I'm using webpack-dev-server through vue-cli. My requests to my API are proxied to another site using webpack. Cookie has SameSite=None and Secure=false.
I can get my backend to use only Secure cookies and over HTTPS they seem to be Secure by default. I think the problem is my dev server not using HTTPS and when I use HTTPS in webpack-dev-server, it works. However, I get complaints from Chrome about not having a valid certificate.
I can't imagine I'm the first person to have this problem. How can I solve this in a smooth way?
EDIT:
I have tried chrome://flags/#allow-insecure-localhost
but that still generates massive amounts of errors and warnings in the console.
For the moment my solution is configuring the backend to give out unsecure cookies with SameSite=Lax during development.
Anything better is appreciated.
EDIT:
I am now using self-signed certificates with webpack dev server, running the dev server on HTTPS too.