android ios cordova mobile capacitor

Is it possible to authenticate a mobile app with SameSite=Strict cookies?


My app is absolutely security critical. I finished building its web version with SameSite=Strict cookies. Now that I'm building its mobile version I can't seem to make the cookies work.

I was expecting a seamless cross-platform cookie experience, but from a mobile perspective the origin is "http://localhost" and not "https://my-website.com". Are mobile apps limited to SameSite=None cookies?


Solution

  • You can set a custom hostname by setting this preference in your config.xml:

     <preference name="hostname" value="my-website.com" />
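Why the default origin breaks SameSite=Strict and the custom hostname fixes it, as an added example that is not part of the original question or answer. It is a simplified model of the same-site check. Assumptions: the "site" is the scheme plus the last two host labels (real browsers use the Public Suffix List), the comparison is schemeful, the endpoint path is hypothetical, and with the preference set the WebView serves the app from https://my-website.com.

```javascript
// Simplified model of the SameSite decision a WebView applies to a request.
// Assumption: site = scheme + last two host labels (or the whole host when it
// has one or two labels). Real browsers consult the Public Suffix List.
function siteOf(urlString) {
  const u = new URL(urlString);
  const labels = u.hostname.split(".");
  const registrable = labels.length <= 2 ? u.hostname : labels.slice(-2).join(".");
  return `${u.protocol}//${registrable}`;
}

// Schemeful same-site: both scheme and registrable domain must match.
function isSameSite(pageOrigin, requestUrl) {
  return siteOf(pageOrigin) === siteOf(requestUrl);
}

// Would a cookie with this SameSite value be attached to a request made by a
// page loaded from pageOrigin? `topLevelGet` marks a top-level navigation with
// a safe method, the only cross-site case in which Lax cookies are sent.
function cookieIsSent(sameSite, pageOrigin, requestUrl, { topLevelGet = false } = {}) {
  if (isSameSite(pageOrigin, requestUrl)) return true;
  switch (sameSite) {
    case "Strict": return false;       // never sent on cross-site requests
    case "Lax":    return topLevelGet; // sent only on top-level safe navigations
    case "None":   return true;        // sent cross-site
    default: throw new Error(`unknown SameSite value: ${sameSite}`);
  }
}

// Hypothetical API endpoint on the site that issued the cookie.
const API = "https://my-website.com/api/session";

// Compare the default WebView origin from the question with the origin the
// app has once the hostname preference is applied (assumed https scheme).
function compareOrigins() {
  return {
    defaultOrigin: cookieIsSent("Strict", "http://localhost", API),
    customHostname: cookieIsSent("Strict", "https://my-website.com", API),
  };
}

console.log(compareOrigins()); // { defaultOrigin: false, customHostname: true }
```
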