How to set SameSite attribute to 'None; Secure' in Rails3.1.12 and Ruby1.9.3

In Rails 6.0 and 6.1 the same_site attribute has been added:

cookies["foo"] = {  value: "bar",  secure: Rails.application.config.secure_cookies,  same_site: "None"}

For Rails 5.x and lower, the rails_same_site_cookie gem is a good option for adding SameSite=None; to all your app's cookies. It uses middleware to do it.

The way to set custom headers is to add the line below to your controller action:

response.headers['Set-Cookie'] = 'Secure;SameSite=None'.

Action dispatch cookies is responsible for writing cookies to browser set in application, this uses Rack::Utils.set_cookie_header!.

Support for SameSite has been added after rack version 1.6, you need to check your rack version in Gemfile and if it is < 1.6 you need to add the following code in config/initializers

require 'rack/utils'module Rack  module Utils    def self.set_cookie_header!(header, key, value)      case value      when Hash        domain  = "; domain="  + value[:domain] if value[:domain]        path    = "; path="    + value[:path]   if value[:path]        max_age = "; max-age=" + value[:max_age] if value[:max_age]        expires = "; expires=" +          rfc2822(value[:expires].clone.gmtime) if value[:expires]        secure = "; secure"  if value[:secure]        httponly = "; HttpOnly" if value[:httponly]        same_site =          case value[:same_site]          when false, nil            nil          when :none, 'None', :None            '; SameSite=None'          when :lax, 'Lax', :Lax            '; SameSite=Lax'          when true, :strict, 'Strict', :Strict            '; SameSite=Strict'          else            raise ArgumentError, "Invalid SameSite value: #{value[:same_site].inspect}"          end        value = value[:value]      end      value = [value] unless Array === value      cookie = escape(key) + "=" +        value.map { |v| escape v }.join("&") +        "#{domain}#{path}#{max_age}#{expires}#{secure}#{httponly}#{same_site}"      case header["Set-Cookie"]      when nil, ''        header["Set-Cookie"] = cookie      when String        header["Set-Cookie"] = [header["Set-Cookie"], cookie].join("\n")      when Array        header["Set-Cookie"] = (header["Set-Cookie"] + [cookie]).join("\n")      end      nil    end  endend

Once done you can set SameSite attribute while creating a new cookie, for ex:

cookies['testing'] = {  value: 'test',  path: '/',  expiry: 1.weeks.from_now,  same_site: :none}

you can also add the same_site: <value> to your session store as well.

Hope this helps!