Fix incorrect setting of the SameSite cookie param

Add samesite cookie param support in form key provider and admin tools

Author: ihor-sviziev

app/code/Magento/PageCache/view/frontend/web/js/form-key-provider.js

@@ -17,14 +17,17 @@ define(function () {
         function setFormKeyCookie(value) {
             var expires,
                 secure,
+                samesite,
                 date = new Date(),
-                isSecure = !!window.cookiesConfig && window.cookiesConfig.secure;
+                cookiesConfig = window.cookiesConfig || {},
+                isSecure = !!cookiesConfig.secure;
 
             date.setTime(date.getTime() + 86400000);
             expires = '; expires=' + date.toUTCString();
             secure = isSecure ? '; secure' : '';
+            samesite = '; samesite=' + (cookiesConfig.samesite ? cookiesConfig.samesite : 'lax');
 
-            document.cookie = 'form_key=' + (value || '') + expires + secure + '; path=/';
+            document.cookie = 'form_key=' + (value || '') + expires + secure + '; path=/' + samesite;
         }
 
         /**

lib/web/mage/adminhtml/tools.js

@@ -267,7 +267,7 @@ var Cookie = {
 
         return null;
     },
-    write: function (cookieName, cookieValue, cookieLifeTime) {
+    write: function (cookieName, cookieValue, cookieLifeTime, samesite) {
         var expires = '';
 
         if (cookieLifeTime) {
@@ -278,7 +278,9 @@ var Cookie = {
         }
         var urlPath = '/' + BASE_URL.split('/').slice(3).join('/'); // Get relative path
 
-        document.cookie = escape(cookieName) + '=' + escape(cookieValue) + expires + '; path=' + urlPath;
+        samesite = '; samesite=' + (samesite ? samesite : 'lax');
+
+        document.cookie = escape(cookieName) + '=' + escape(cookieValue) + expires + '; path=' + urlPath + samesite;
     },
     clear: function (cookieName) {
         this.write(cookieName, '', -1);