Once the fix to this issue is
released, you will be able to use
set_cookie()
like this:
from flask import Flask, make_response
app = Flask(__name__)
@app.route('/')
def hello_world():
resp = make_response('Hello, World!')
# Set a same-site cookie for first-party contexts
resp.set_cookie('cookie1', 'value1', samesite='Lax')
# Set a cross-site cookie for third-party contexts
resp.set_cookie('cookie2', 'value2', samesite='None', secure=True)
return respWhile you're waiting for the release, you can still set the header explicitly:
from flask import Flask, make_response
app = Flask(__name__)
@app.route('/')
def hello_world():
resp = make_response('Hello, World!')
# Set a same-site cookie for first-party contexts
resp.set_cookie('cookie1', 'value1', samesite='Lax')
# Ensure you use "add" to not overwrite existing cookie headers
# Set a cross-site cookie for third-party contexts
resp.headers.add('Set-Cookie','cookie2=value2; SameSite=None; Secure')
return resp