diff --git a/main.go b/main.go
index 215c2a6..08341e5 100644
--- a/main.go
+++ b/main.go
@@ -50,7 +50,12 @@ func main() {
 		MaxAge:   60 * 80 * 24 * 7, // 7 days
 		HttpOnly: true,
 		Secure:   os.Getenv("ENV") == "production",
-		SameSite: http.SameSiteLaxMode,
+		SameSite: func() http.SameSite {
+			if os.Getenv("CORS_ORIGINS") != "" {
+				return http.SameSiteNoneMode
+			}
+			return http.SameSiteLaxMode
+		}(),
 	})
 	r.Use(sessions.Sessions("rideaware-session", store))