I tried that and have another issue now. We develop an app that is running inside iframe. To make cookies work in an iframe I have to set

sameSite

to

none

which also enables CSRF check in supertokens. After that I'm receiving

'anti-csrf check failed'

again.