Update express to 4.17 to set sameSite: 'none' cookie

[adithya321]

expressjs/express#3958

[baileymckay]

This is really important. I have a production application breaking now when clients update their Chrome to a version that rejects any cookies without this set. It should be an easy fix, no? Express has already been updated to support this.

[lejager]

Any progress? I also have a production app that users are no longer able to log in to.

[gregegan]

Bump. Having the same issue. Can we please support sameSite: 'none'?

[greggall]

Yes, need this supported please!

[Asjas]

You should be able to get it working by resolving Express to a newer version such as 4.17.0. You can add this to your package.json file as an extra field.

"resolutions": {
  "express": "4.17.0"
}

If you are using yarn then support for this functionality is included out of the box, if you are using npm then you need to use a package such as npm-force-resolutions. This should allow you to then set the sameSite property. 🙂

https://github.com/rogeriochaves/npm-force-resolutions#how-to-use

[Asjas]

As an update to this issue, you can fix it by deleting your package-lock.json or yarn.lock file and then reinstalling the npm packages. When you install the npm packages it should then resolve to a newer version of Express that supports the sameSite option and you will get a updated package-lock.json 🙂

[saihaj]

Hey @adithya321 @baileymckay @Asjas @gregegan @greggall @lejager we @the-guild-org are the new maintainers for this project. We are actively developing v2. The new yoga server is framework agnostic, so you can bring framework of your choice! Checkout our express server integration https://www.graphql-yoga.com/docs/integrations/integration-with-express would love to get your feedback on this!