After enhancing the default security options in v1.1.5, this has added difficulty to some users when developing locally (as a strict same-site cookie option causes lots of issues on localhost or 127.* IPs). The default option is now changed to Same-site: Lax, which introduces the cookie option but doesn't enforce the strict policy on localhost.