···4747 .map_err(|e| AppError::Internal(format!("OAuth authorize failed: {e}")))?;
48484949 // Store the redirect URI in a cookie if provided
5050+ // Must use SameSite=None for cross-origin requests (e.g., Pentaract calling HappyView)
5051 let jar = if let Some(redirect_uri) = query.redirect_uri {
5152 let mut cookie = Cookie::new(REDIRECT_COOKIE_NAME, redirect_uri);
5253 cookie.set_path("/");
5354 cookie.set_http_only(true);
5454- cookie.set_same_site(axum_extra::extract::cookie::SameSite::Lax);
5555- if state.config.public_url.starts_with("https") {
5656- cookie.set_secure(true);
5757- }
5555+ cookie.set_same_site(axum_extra::extract::cookie::SameSite::None);
5656+ cookie.set_secure(true); // Required when SameSite=None
5857 jar.add(cookie)
5958 } else {
6059 jar
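Review bot: The value stored by `Cookie::new(REDIRECT_COOKIE_NAME, redirect_uri)` comes straight from `query.redirect_uri`, and no validation of it is visible in this hunk. With `SameSite::None` the cookie is now attached to cross-site requests too, so the isolation `Lax` gave is gone, and the callback that reads it (not shown here) should only redirect to targets on an explicit allow-list. I would check the URI before the cookie is created and record the constraint next to the new comment, for example `// SameSite=None: sent on cross-site requests; redirect_uri must match the configured allow-list before it is stored or followed`. Separately, `cookie.set_secure(true)` is now unconditional, whereas the removed code set it only when `state.config.public_url` started with `https`, so on a plain-HTTP deployment browsers will likely discard the cookie and the redirect will be lost silently; keeping the `Lax` path for that case would avoid this if such deployments are supported. The enclosing handler starts and ends outside the hunk.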