My frontend is hosted on example.com and my backend on api.example.com. This counts as cross-origin, and I'm using Passport.js with Redis for sessions (with cookies). However, this Google Chrome message came up:
Cookies with the SameSite=None; Secure and not Partitioned attributes that operate in cross-site contexts are third-party cookies. In future Chrome versions, reading third-party cookies will be blocked. This behavior protects user data from cross-site tracking.
Does this mean that my authentication service will stop working after the Chrome update, and is there any way to get around this? The only solution that comes to my mind right now is hosting the backend on example.com/api. Is there any other way that will not require the backend to change its location?