Add samesite to cookies using Nginx as reverse proxy

Solution 1:

With this code you can define all your application cookies as secure, httponly and/or samesite using proxy_cookie_path (http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cookie_path):

location / {
    # your usual config ...
    # hack, set all cookies to secure, httponly and samesite (strict or lax)
    proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
}

Solution 2:

I had a similar problem with a web app which doesn't support the samesite attribute. I've created a workaround similar to @Beccari's solution:

proxy_cookie_path ~^/(.+)$ "/$1; SameSite=none";

You have to put it in the proper context, in my case in location. If you need to set the none value like in my case, please remember that you have to add the Secure attribute too, to enable third-party cookies for other websites.
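
To confirm that either rewrite actually took effect, the Set-Cookie headers coming back through the proxy can be audited. The following is an added example, not part of either answer: the function names are assumptions of this example and the headers in SAMPLE are constructed.

```python
# Added example: audit Set-Cookie headers as the client sees them behind the proxy.
REQUIRED = ("secure", "httponly", "samesite")

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, [(attr_lowercase, value), ...])."""
    first, *rest = [part.strip() for part in header.split(";")]
    attrs = []
    for part in rest:
        if part:
            key, _, value = part.partition("=")
            attrs.append((key.strip().lower(), value.strip()))
    return first.split("=", 1)[0], attrs

def audit(header):
    """Return a sorted list of findings for one Set-Cookie header value."""
    _, attrs = parse_set_cookie(header)
    keys = [key for key, _ in attrs]
    findings = [f"missing {flag}" for flag in REQUIRED if flag not in keys]
    # proxy_cookie_path only rewrites an existing Path attribute, so a cookie
    # sent without one passes through the proxy unchanged.
    if "path" not in keys:
        findings.append("no path attribute")
    # Browsers reject SameSite=None cookies that are not also Secure.
    samesite = [value.lower() for key, value in attrs if key == "samesite"]
    if "none" in samesite and "secure" not in keys:
        findings.append("samesite=none without secure")
    # A repeated attribute usually means the backend already set it and the
    # rewrite appended it a second time.
    findings += [f"duplicate {key}" for key in set(keys) if keys.count(key) > 1]
    return sorted(findings)

# Constructed sample headers (not captured from a real site).
SAMPLE = [
    "sid=abc123; Path=/; secure; HttpOnly; SameSite=strict",
    "lang=en",
    "widget=1; Path=/app; SameSite=none",
    "token=x; Path=/; secure; HttpOnly; SameSite=strict; Secure",
]

if __name__ == "__main__":
    for header in SAMPLE:
        print(header, "->", audit(header) or "ok")
```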