I noticed the following warning in the console window of my browser while I was working on a Nitrogen site.
In my poking around in the code, it looks like the SameSite attribute is just not implemented. It would take some changes to a couple of different record definitions and some code in at least simple_bridge and nitrogen.
Does this sound right? I can open an issue on Github if that would be helpful. Which project would be best?
Also, I don't seem to see anywhere that I can set the "secure" attibute for the cookie, which would be another way to work around this, according to the link mentioned above.