Due to some legacy issues, we are unable to upgrade HapiJS to their newer versions. We're currently blocked at "16.7.0".

Unfortunately, this specific version of HapiJS only accepts isSameSite as a boolean, therefore no longer compatible with the current Cookie Spec (whereas SameSite is required to specifically be None).

function handler(request, reply) {
  reply.state('CookieName', 'CookieValue', {
    /* string */ domain: `.${process.env.DOMAIN}`,
    /* number */ ttl: 24 * 60 * 60 * 1000,
    /* boolean */ isHttpOnly: false,
    /* boolean */ isSecure  : true,
    /* boolean */ isSameSite: false,
    /* string */ path: '/'
  });
}

Is there a way to override their internals to force SameSite=None?

{
  "hapi": "16.7.0"
}