I have an application that has a Cookie based tracking strategy, but
given that the SameSite setting is hardcoded to be 'Strict' it forbids
(and actually breaks) the behavior of my Seaside app when it is
embedded into an <iframe> in a third party domain.
Should this SameSite setting be configurable somehow?
The only way I found to do this was by subclassing the tracking strategy class.
Esteban A. Maringolo