From 1a7bc4dfa596604e154966febf4165e03b1e29aa Mon Sep 17 00:00:00 2001
From: M1 <m1-pro@M1s-MacBook-Pro.local>
Date: Wed, 18 Mar 2026 11:41:00 +0400
Subject: [PATCH] =?UTF-8?q?fix:=20sameSite=3Dnone=20for=20cross-origin=20c?=
 =?UTF-8?q?ookie=20(pingql.com=20=E2=86=92=20api.pingql.com)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/api/src/routes/auth.ts | 2 +-
 apps/web/src/routes/auth.ts | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/api/src/routes/auth.ts b/apps/api/src/routes/auth.ts
index 66ca71d..0a030eb 100644
--- a/apps/api/src/routes/auth.ts
+++ b/apps/api/src/routes/auth.ts
@@ -78,7 +78,7 @@ export function requireAuth(app: Elysia) {
 const COOKIE_OPTS = {
   httpOnly: true,
   secure: process.env.COOKIE_SECURE !== "false",
-  sameSite: "lax" as const,
+  sameSite: "none" as const,
   path: "/",
   domain: process.env.COOKIE_DOMAIN ?? ".pingql.com",
   maxAge: 60 * 60 * 24 * 30, // 30 days
diff --git a/apps/web/src/routes/auth.ts b/apps/web/src/routes/auth.ts
index b47e0a9..cc89f40 100644
--- a/apps/web/src/routes/auth.ts
+++ b/apps/web/src/routes/auth.ts
@@ -78,7 +78,7 @@ export function requireAuth(app: Elysia) {
 const COOKIE_OPTS = {
   httpOnly: true,
   secure: process.env.COOKIE_SECURE !== "false",
-  sameSite: "lax" as const,
+  sameSite: "none" as const,
   path: "/",
   domain: process.env.COOKIE_DOMAIN ?? ".pingql.com",
   maxAge: 60 * 60 * 24 * 30, // 30 days