How to Set `SameSite` Attribute in netlify.toml

Hello,

What is the proper syntax to set the SameSite attributes to SameSite=None; Secure in a netlify.toml?

We are getting cross-site request errors between ours and .imagekit.io/ for delivering images that are fetched here on Netlify and transformed/optimized at ImageKit and then sent to the client.


The affected cookies:

| Name | Domain & Path |
| --- | --- |
| _gcl_au | .imagekit.io/ |
| _gid | .imagekit.io/ |
| _ga_WQGX7PLP73 | .imagekit.io/ |
| _ga | .imagekit.io/ |
| _uetsid | .imagekit.io/ |
| _uetvid | .imagekit.io/ |

I appreciate your help in advance – esp. since this is an area I am not up to speed with :wink:

SameSite is a cookie attribute. It’s supposed to be set with a `Set-Cookie` header; it’s not a header itself. But I don’t think you’re doing what you think you are. Mind sharing your site so we can see the issue?

Thank you, I am aware that it's an attribute headers setting: Set-Cookie.

The question is how to properly set this in the netlify.toml – not sure what ==value should be/is correct, and should there be a dot prefixing imagekit.io as the response shows; i.e. imagekit.io ??

Using the following two cookies, would this be correct?


_gcl_au .imagekit.io/
_gid .imagekit.io/

```toml
[[headers]]
  for = "/*"
  [headers.values]
    . . .
    # ==== Cookies =====>
    Set-Cookie = '''
      _gcl_au=1.1.1322023902.1688267673; Secure; Domain=imagekit.io,
      _gid=GA1.2.640555962.1688267674; Secure; Domain=imagekit.io,
      _ga_WQGX7PLP73=GS1.1.1688267673.1.1.1688268410.60.0.0; Secure; Domain=imagekit.io,
      _ga=GA1.2.1028778481.1688267674; Secure; Domain=imagekit.io,
      _uetsid=915e8540188611ee83c771cbc457e810; Secure; Domain=imagekit.io,
      _uetvid=915e62d0188611eebe94f791ad0fcebe; Secure; Domain=imagekit.io
      '''
  . . .
```

Note: No need to send site info & I don’t want to send up the wrong Netlify formatting/settings – there are many stake-holders accessing the staging site over the weekend but this header policy needs to be implemented asap.


Thank you again

Unless your site runs on imagekit.io, you can’t set a cookie for that domain. Which is why I asked for your site to see the exact issue.
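
Added example, not part of the thread and not Netlify's or ImageKit's code: a small Python model of the two browser checks this discussion turns on, the RFC 6265 domain-match rule for the `Domain` attribute and the requirement that `SameSite=None` be paired with `Secure`. The host names `example.netlify.app` and `sub.imagekit.io` and the cookie values are constructed for illustration; the public-suffix check that real browsers also apply is left out.

```python
import ipaddress

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attrs), attribute names lowercased."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs

def domain_matches(host, cookie_domain):
    """RFC 6265 5.1.3: host equals the domain or is a subdomain of it."""
    host = host.lower()
    domain = cookie_domain.lower()
    if domain.startswith("."):
        domain = domain[1:]  # a single leading dot is ignored
    if host == domain:
        return True
    try:
        ipaddress.ip_address(host)
        return False  # IP literals only ever match exactly
    except ValueError:
        return host.endswith("." + domain)

def browser_verdict(response_host, header):
    """Return (stored, reason) for one Set-Cookie header received over HTTPS."""
    name, _, attrs = parse_set_cookie(header)
    domain = attrs.get("domain")
    if domain and not domain_matches(response_host, domain):
        return False, f"{name}: Domain={domain} does not cover {response_host}"
    if attrs.get("samesite", "").lower() == "none" and "secure" not in attrs:
        return False, f"{name}: SameSite=None without Secure"
    return True, f"{name}: stored for {domain or response_host}"

if __name__ == "__main__":
    # Constructed inputs: (host that sent the response, Set-Cookie value).
    cases = [
        ("example.netlify.app", "_gid=constructed; Secure; SameSite=None; Domain=imagekit.io"),
        ("sub.imagekit.io", "_gid=constructed; Secure; SameSite=None; Domain=imagekit.io"),
        ("example.netlify.app", "pref=constructed; SameSite=None"),
        ("example.netlify.app", "pref=constructed; SameSite=None; Secure"),
    ]
    for host, header in cases:
        print(host, "->", browser_verdict(host, header))
```
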