fix(clerk-js): Force SameSite=none for chips (#5775)

jacekradko · Copilot · web-flow · commit fe61d986f4bc · 2025-04-30T19:24:58.000Z
Co-authored-by: Copilot &lt;175728472+Copilot@users.noreply.github.com&gt;
diff --git a/.changeset/hungry-foxes-sell.md b/.changeset/hungry-foxes-sell.md
@@ -0,0 +1,5 @@
+---
+'@clerk/clerk-js': patch
+---
+
+Forcing \_\_session cookie to have SameSite=none attribute in the CHIPS build variant
diff --git a/packages/clerk-js/src/core/auth/cookies/session.ts b/packages/clerk-js/src/core/auth/cookies/session.ts
@@ -29,9 +29,9 @@ export const createSessionCookie = (cookieSuffix: string): SessionCookieHandler
 
   const set = (token: string) => {
     const expires = addYears(Date.now(), 1);
-    const sameSite = inCrossOriginIframe() ? 'None' : 'Lax';
+    const sameSite = __BUILD_VARIANT_CHIPS__ ? 'None' : inCrossOriginIframe() ? 'None' : 'Lax';
     const secure = getSecureAttribute(sameSite);
-    const partitioned = __BUILD_VARIANT_CHIPS__ && secure && sameSite === 'None';
+    const partitioned = __BUILD_VARIANT_CHIPS__ && secure;
 
     // If setting Partitioned to true, remove the existing session cookies.
     // This is to avoid conflicts with the same cookie name without Partitioned attribute.

-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +---
 +'@clerk/clerk-js': patch
 +---
++
 +Forcing \_\_session cookie to have SameSite=none attribute in the CHIPS build variant