I'm porting a Chrome extension to Safari. All works well besides the auth flow, which uses SameSite=Strict cookies. On Chrome, such cookies are easily set and work as expected, but not on Safari.

Now, as I understand, technically, requests from chrome-extension:// and safari-web-extension:// origins are cross-site in relation to the server, which makes me think that on Chrome the SameSite=Strict attribute is simply ignored as an exception for extensions. With that said, the backend team wants to keep the attribute for security reasons, so removing it or replacing it with SameSite=None isn't an option.

Is this intended behavior of Safari or a bug? Is there a way to get around this without changing the attribute?
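As an added illustration (not part of the question above, and not code from either browser), here is a small JavaScript model of the decision a browser makes before attaching a cookie with a SameSite attribute. It follows the generic rule: compute the "site" (scheme plus registrable domain) of the request initiator and of the request URL, and compare them. An extension origin has no registrable domain, so a request it initiates to an https:// API is cross-site and a Strict cookie is withheld. The extensionHasHostPermission flag is a hypothetical knob that models the exception the question speculates about; it is an assumption of this model, not a documented rule of Chrome or Safari. The host names, extension IDs and the two-label registrable-domain shortcut are constructed for the example.

```javascript
// Added example, not from the original question: a simplified model of the
// SameSite check a browser performs before attaching a cookie to a request.

const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS', 'TRACE']);

// Registrable domain (eTLD+1). Assumption: the last two labels form the
// registrable domain. A browser consults the Public Suffix List instead
// (which matters for hosts like *.co.uk); this is enough for the hosts below.
function registrableDomain(hostname) {
  const labels = hostname.split('.');
  return labels.length <= 2 ? hostname : labels.slice(-2).join('.');
}

// "Site" as used by SameSite: scheme + registrable domain for http(s).
// Extension schemes such as chrome-extension:// and safari-web-extension://
// have no registrable domain, so every extension origin is its own site.
function siteOf(urlString) {
  const url = new URL(urlString);
  if (url.protocol === 'https:' || url.protocol === 'http:') {
    return `${url.protocol}//${registrableDomain(url.hostname)}`;
  }
  return `${url.protocol}//${url.host}`;
}

function isSameSite(initiatorOrigin, requestUrl) {
  return siteOf(initiatorOrigin) === siteOf(requestUrl);
}

// Returns true when a cookie with the given SameSite value would be sent.
//  - sameSite: 'Strict' | 'Lax' | 'None'
//  - initiatorOrigin: origin of the context that issued the request
//  - requestUrl: the URL being fetched
//  - method: HTTP method (only matters for Lax)
//  - topLevelNavigation: true when the request navigates the top-level document
//  - extensionHasHostPermission: HYPOTHETICAL flag modelling the exception the
//    question speculates about (extension treated as same-site for hosts it
//    has permission for). Assumption of this model, not documented behaviour.
function cookieSent({
  sameSite,
  initiatorOrigin,
  requestUrl,
  method = 'GET',
  topLevelNavigation = false,
  extensionHasHostPermission = false,
}) {
  const fromExtension = !new URL(initiatorOrigin).protocol.startsWith('http');
  if (isSameSite(initiatorOrigin, requestUrl)) return true;
  if (fromExtension && extensionHasHostPermission) return true;
  switch (sameSite) {
    case 'None':
      return true; // would also need the Secure attribute to be accepted
    case 'Lax':
      return topLevelNavigation && SAFE_METHODS.has(method);
    case 'Strict':
    default:
      return false; // unrecognised values are treated as Strict here
  }
}

// Constructed sample initiators and a constructed API host.
const API = 'https://api.example.com/session';
const SAMPLE_INITIATORS = {
  sitePage: 'https://app.example.com',
  chromeExtension: 'chrome-extension://abcdefghijklmnopabcdefghijklmnop',
  safariExtension: 'safari-web-extension://12345678-1234-1234-1234-123456789abc',
};

// Evaluate each initiator against each SameSite value for a plain
// credentialed GET from script (no navigation), the auth-flow case.
function matrix() {
  const out = {};
  for (const [name, origin] of Object.entries(SAMPLE_INITIATORS)) {
    out[name] = {};
    for (const sameSite of ['Strict', 'Lax', 'None']) {
      out[name][sameSite] = cookieSent({ sameSite, initiatorOrigin: origin, requestUrl: API });
    }
  }
  return out;
}

console.table(matrix());
```

Running it shows the page on app.example.com getting the cookie for all three values, while both extension origins get it only with SameSite=None; that is the cross-site relation the question describes. Whether a real browser adds an exception on top of this rule is exactly what separates the Chrome and Safari behaviour being asked about, and the flag above only models that hypothesis.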