Cookies should have SameSite=None to allow wikis with custom domains (e.g. scp-wiki.net, kontainer.djkakt.us) to be accepted.
I want to continue working with the finer details of my setsecurecookie() function to determine when you should be using the SameSite flag. I’ve been setting it everywhere and I’d like to tighten that scope a little.
I was rereading the Chrome docs just now, and I think you only need to set SameSite if the cookie is for custom domains. So check if SNI matches the Wikijump wildcard and do it based on that?
Though I don’t see a lot of downside to just always specifying the cookies must be SameSite=None; Secure? (or at least just the Secure flag)
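One way to scope the flag as discussed above, as an added example that is not part of the original thread or the project's code: `Secure` is always set, and `SameSite=None` is added only when the request host falls outside the platform wildcard. The domain `wikijump.example` is a placeholder for the real wildcard, the function names are hypothetical, and the host is assumed to come from the request's Host header or SNI name.

```python
from http.cookies import SimpleCookie

# Assumption: placeholder for the platform wildcard (*.wikijump.example).
PLATFORM_DOMAIN = "wikijump.example"


def is_platform_host(host: str, platform_domain: str = PLATFORM_DOMAIN) -> bool:
    """Return True if host is the platform domain or one of its subdomains."""
    host = host.strip().lower()
    if host.startswith("["):           # IPv6 literal, never a platform name
        return False
    host = host.split(":", 1)[0]       # drop an optional :port
    host = host.rstrip(".")            # drop a trailing root dot
    # Compare on a label boundary so "evilwikijump.example" does not match.
    return host == platform_domain or host.endswith("." + platform_domain)


def build_cookie_header(name: str, value: str, host: str) -> str:
    """Build the Set-Cookie value for a session cookie served on `host`."""
    cookie = SimpleCookie()
    cookie[name] = value
    morsel = cookie[name]
    morsel["path"] = "/"
    morsel["httponly"] = True
    # Always Secure: browsers reject SameSite=None cookies without it.
    morsel["secure"] = True
    if not is_platform_host(host):
        # Custom domain: the cookie must be sent in a cross-site context.
        morsel["samesite"] = "None"
    # Platform hosts get no SameSite attribute and use the browser default.
    return morsel.OutputString()


if __name__ == "__main__":
    # Constructed sample hosts; the two custom domains are the ones named above.
    for sample in ("www.wikijump.example", "scp-wiki.net",
                   "kontainer.djkakt.us", "evilwikijump.example"):
        print(f"{sample:24} {build_cookie_header('sid', 'abc123', sample)}")
```

Matching on the leading dot matters here: a plain suffix comparison would treat a lookalike registration such as `evilwikijump.example` as a platform host.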