diff --git a/src/meta/configs.js b/src/meta/configs.js
index c28d3e2ff8..da07f68fbd 100644
--- a/src/meta/configs.js
+++ b/src/meta/configs.js
@@ -164,6 +164,9 @@ Configs.cookie = {
 			cookie.path = relativePath;
 		}
 
+		// Ideally configurable from ACP, but cannot be "Strict" as then top-level access will treat it as guest.
+		cookie.sameSite = 'Lax';
+
 		return cookie;
 	},
 };