GitLab

Chrome 80 will consider cookies as "Samesite=Lax" by default. This is an issue using applications protected by LemonLDAP included into iframes. We need to have the ability to set the SameSite attribute of session cookies to "None".

Usecase: MyDomain is SP, and is included as an iframe in Domain2 website (SP) -> SSO broken (infinite loop), because LemonLDAP session cookie does not have the SameSite attribute, so the session cookie is not sent