Error when setting sameSite from strict or lax to none - HTTP only cookie - ExpressJS

I am working on a MERN stack project. The back-end runs on port 5000, and the front-end runs on port 3000.

After building for production, I pushed the server file to Heroku and the client file to Netlify. Therefore I had to change sameSite from strict to none, and the problem appeared in both the development and production environments.

Here is my code to create the cookie:

    validateLogin(req, res, next) {
        user.find({username: req.body.username})
        .then(async (user) => {
            // Compare the submitted password with the stored bcrypt hash
            const valid = await bcrypt.compare(req.body.password, user[0].password);
            if (valid) {
                // Return here so the 403 below is not sent after a successful login.
                // An exception thrown by res.cookie() lands in the catch and produces the 400.
                return res.cookie('token', "Hello", {
                    httpOnly: true,
                    maxAge: 3600000*5,
                    sameSite: 'none',
                    secure: true,
                }).status(200).send("Login Successful");
            }
            res.status(403).send({status: false, message: `Wrong password`});
        })
        .catch(() => {res.status(400).send({status: false, message: `Cannot validate login`})});
    }

At first, as I've mentioned, the cookie worked smoothly with sameSite:'strict' or sameSite:'lax' in the development environment. But I had to change it for production purposes.

Status code 400 is returned when I try to validate the login. When sameSite != none, it returns status code 200 and I receive the message Login Successful, but no cookie is added.



Solution 1:[1]

I have resolved it by updating ExpressJS to the highest version.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Ho Quang Lam
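
An added example, not part of the original question or answer: a small Node.js check of the `Set-Cookie` attributes a cookie needs when the front-end and the API are on different sites, as with the Netlify/Heroku split in the question. Browsers do not attach `SameSite=Strict` or `Lax` cookies to cross-site fetch/XHR requests and reject `SameSite=None` without `Secure`; the function names, finding codes and sample headers are constructed for illustration.

```javascript
// Added example. The Set-Cookie strings in SAMPLES are constructed.

// Split a Set-Cookie header into its name and a lower-cased attribute map.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const attrs = {};
  for (const item of rest.filter(Boolean)) {
    const i = item.indexOf('=');
    const key = (i === -1 ? item : item.slice(0, i)).toLowerCase();
    attrs[key] = i === -1 ? true : item.slice(i + 1);
  }
  return { name: pair.slice(0, eq), attrs };
}

// Return finding codes for a cookie that must travel on cross-site requests.
function auditCrossSiteCookie(header) {
  const { attrs } = parseSetCookie(header);
  const sameSite = String(attrs.samesite || '').toLowerCase();
  const findings = [];
  if (sameSite === '') {
    findings.push('SAMESITE_MISSING'); // Chromium-based browsers treat this as Lax
  } else if (sameSite === 'strict' || sameSite === 'lax') {
    findings.push('SAMESITE_BLOCKS_CROSS_SITE'); // not sent on cross-site fetch/XHR
  } else if (sameSite !== 'none') {
    findings.push('SAMESITE_INVALID');
  }
  // SameSite=None is only accepted together with Secure.
  if (sameSite === 'none' && !attrs.secure) findings.push('NONE_WITHOUT_SECURE');
  // A session token should not be readable from page scripts.
  if (!attrs.httponly) findings.push('NOT_HTTPONLY');
  return findings;
}

// Constructed headers: the options from the question, and two weaker variants.
const SAMPLES = {
  asInQuestion: 'token=Hello; Max-Age=18000; Path=/; HttpOnly; Secure; SameSite=None',
  strictInDev: 'token=Hello; Max-Age=18000; Path=/; HttpOnly; SameSite=Strict',
  noneNoSecure: 'token=Hello; Max-Age=18000; Path=/; HttpOnly; SameSite=None',
};

for (const [label, header] of Object.entries(SAMPLES)) {
  console.log(label, auditCrossSiteCookie(header));
}
```

An empty findings list means the header carries the attributes a cross-site session cookie needs; it does not show that the server framework version can emit them.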