From bfa0690065523eb56673a22cc79390ca4d328ffc Mon Sep 17 00:00:00 2001
From: siujamo <jamo.siu@outlook.com>
Date: Thu, 12 Mar 2026 17:25:19 +0800
Subject: [PATCH] fix: update cookie settings for production and development
 modes

---
 src/main/java/com/onixbyte/helix/service/AuthService.java | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/main/java/com/onixbyte/helix/service/AuthService.java b/src/main/java/com/onixbyte/helix/service/AuthService.java
index d7304c8..1411a56 100644
--- a/src/main/java/com/onixbyte/helix/service/AuthService.java
+++ b/src/main/java/com/onixbyte/helix/service/AuthService.java
@@ -127,8 +127,11 @@ public class AuthService {
                 .path("/");
 
         return switch (applicationMode) {
-            case PRODUCTION -> cookieBuilder.httpOnly(true);
-            case DEVELOPMENT -> cookieBuilder.sameSite("NONE");
+            case PRODUCTION -> cookieBuilder
+                    .httpOnly(true)
+                    .sameSite("LAX");
+            case DEVELOPMENT -> cookieBuilder
+                    .sameSite("NONE");
             case null -> cookieBuilder;
         };
     }