Closed
Description
When setting SameSite to None in a cookie, the value isn't added to the actual cookie:
This was fine until now because None was the default value used by all web browsers when the property is not set.
Unfortunately, Chrome is changing that, and starting with version 80 the default value will be Lax: https://www.chromestatus.com/feature/5088147346030592
It means that whenever we set SameSite to None in AspNetCore, no value is sent to the browser, and it's going to be interpreted as "Lax" by Chrome.
As a fix, we can either remove the if (SameSite != SameSiteMode.None)
check in SetCookieHeaderValue, or add a "SameSiteSet" field to detect when the user wants to let the browser decide of the default value.