UMB-XSRF-TOKEN SameSite attribute override
# help-with-umbraco
w
Is there a way to override the SameSite attribute on the UMB-XSRF-TOKEN cookie to set this to strict? A follow-up question: is there a benefit to doing this and why isn't it doing it already out of the box? A security scan has come back with a weakness suggesting to set SameSite to a value, as currently it isn't being set with one. I've been looking into this, but haven't found an easy way to do this or whether it could cause potential problems with Umbraco. I know browsers are cracking down on CSRF vulnerabilities; Chrome 85 no longer supports insecure SameSite=None cookies. It just seems strange that this isn't being set to a value, whereas UMB-XSRF-V is.
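One way to apply the override the question asks about, added here as an example and not code from Umbraco or from anyone in this thread: ASP.NET Core's cookie policy middleware can rewrite the options of a named cookie at the moment it is appended. It assumes an Umbraco site running on ASP.NET Core (Umbraco 9 or later) and that the cookie is appended through the standard Response.Cookies API; the class and method names are my own.

```csharp
// Added example (not Umbraco's own code): force SameSite=Strict on the
// UMB-XSRF-TOKEN cookie using ASP.NET Core's cookie policy middleware.
// Assumes Umbraco 9+ on ASP.NET Core; register this in the pipeline before
// the Umbraco middleware so it wraps every later Response.Cookies.Append call.
using System;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;

public static class XsrfCookieHardening
{
    // Cookie name as it appears in the question above.
    private const string XsrfCookieName = "UMB-XSRF-TOKEN";

    public static IApplicationBuilder UseStrictXsrfCookie(this IApplicationBuilder app)
    {
        return app.UseCookiePolicy(new CookiePolicyOptions
        {
            // Leave every other cookie alone; the override below is scoped
            // to the single cookie the scanner flagged.
            MinimumSameSitePolicy = SameSiteMode.Unspecified,

            OnAppendCookie = ctx =>
            {
                if (!string.Equals(ctx.CookieName, XsrfCookieName, StringComparison.Ordinal))
                {
                    return;
                }

                // Strict: the browser never attaches this cookie to a request
                // initiated from another site, which is what the scan asked for.
                ctx.CookieOptions.SameSite = SameSiteMode.Strict;

                // Independent of SameSite, but the usual companion hardening:
                // a CSRF token cookie should only ever travel over HTTPS.
                ctx.CookieOptions.Secure = true;
            }
        });
    }
}

// Registration (hypothetical placement; adjust to your Program.cs/Startup):
//   app.UseStrictXsrfCookie();   // before the Umbraco middleware is added
```

With Strict, the browser also withholds the cookie on top-level cross-site navigations into the backoffice (a link from an email, for instance), so test the login and redirect flows after enabling it. Whether the middleware actually intercepts Umbraco's append depends on pipeline ordering, so confirm the emitted Set-Cookie header in the browser's developer tools rather than trusting the configuration alone.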
s
I'd need to read up on all of this, but please talk to security@umbraco.com about any concerns: https://umbraco.com/trust-center/security-and-umbraco/how-to-report-a-vulnerability-in-umbraco/