Setting a shopOrigin cookie in server.js for getting shopName

New Member
12 0 0
 I am setting the cookie shopOrigin in my app using the below code as mentioned in shopify official tutorial 
 ctx.cookies.set('shopOrigin'shop, {
          httpOnly: false,
          secure: true,
          sameSite: 'none'
When we did a vulnerability testing , the report is as follows:
1. The http flag should be enabled for all cookies
2. sameSite flag is missing and recommendation is to set the same.
How do we achieve this? Can anybody please help on this.