Update src/routers/auth.py

src/routers/auth.py

@@ -57,7 +57,7 @@ def register(user_data: RegisterRequest, response: Response, session: Session =
         value=access_token,
         httponly=True,
         secure=settings.JWT_COOKIE_SECURE,  # True in production, False in development
-        samesite="lax",
+        samesite="none",  # Allow cross-site cookies; browsers require Secure for SameSite=None
         max_age=settings.ACCESS_TOKEN_EXPIRE_DAYS * 24 * 60 * 60,  # Convert days to seconds
         path="/"
     )
@@ -93,14 +93,14 @@ def login(login_data: LoginRequest, response: Response, session: Session = Depen
         value=access_token,
         httponly=True,
         secure=settings.JWT_COOKIE_SECURE,  # True in production, False in development
-        samesite="lax",
+        samesite="none",  # Allow cross-site cookies; browsers require Secure for SameSite=None
         max_age=settings.ACCESS_TOKEN_EXPIRE_DAYS * 24 * 60 * 60,  # Convert days to seconds
         path="/"
     )
     
     # Debug: Print the cookie being set
     print(f"Setting cookie: access_token={access_token}")
-    print(f"Cookie attributes: httponly={True}, secure={settings.JWT_COOKIE_SECURE}, samesite=lax, max_age={settings.ACCESS_TOKEN_EXPIRE_DAYS * 24 * 60 * 60}")
+    print(f"Cookie attributes: httponly={True}, secure={settings.JWT_COOKIE_SECURE}, samesite=none, max_age={settings.ACCESS_TOKEN_EXPIRE_DAYS * 24 * 60 * 60}")
 
     # Return response
     return LoginResponse(
@@ -123,7 +123,7 @@ def logout(response: Response):
         value="",
         httponly=True,
         secure=settings.JWT_COOKIE_SECURE,
-        samesite="lax",
+        samesite="none",  # Allow cross-site cookies; browsers require Secure for SameSite=None
         max_age=0,  # Expire immediately
         path="/"
     )