SameSite Options (samesite)

An element that is configured within the httpEndpoint element so that the associated HTTP channel can consider SameSite configurations.

NameTypeDefaultDescription

id

string

A unique configuration ID.

lax

string

List of cookie names or patterns for which the SameSite attribute is set to a value of Lax, if not already defined. A single wildcard (*) character is supported as a stand-alone value, or following cookie name prefixes. Any cookie name or pattern that is defined by this list must be unique and not present in the 'none' nor 'strict' configurations.

none

string

List of cookie names or patterns for which the SameSite attribute is set to a value of None, if not already defined. A single wildcard (*) character is supported as a stand-alone value, or following cookie name prefixes. Any cookie name or pattern that is defined by this list must be unique and not present in the 'lax' nor 'strict' configurations. Each cookie that is modified to contain a SameSite value of None as a result of this configuration is also set to Secure.

partitioned

boolean

false

When this attribute is set to true, all SameSite=None cookies are partitioned and therefore are sent in cross-site requests. The default value is false, which means that cookies are not partitioned.

strict

string

List of cookie names or patterns for which the SameSite attribute is set to a value of Strict, if not already defined. A single wildcard (*) character is supported as a stand-alone value, or following cookie name prefixes. Any cookie name or pattern that is defined by this list must be unique and not present in the 'lax' nor 'none' configurations.