diff --git a/api-server/server/middlewares/csurf.js b/api-server/server/middlewares/csurf.js
index 7229e4194f..e21c2e638c 100644
--- a/api-server/server/middlewares/csurf.js
+++ b/api-server/server/middlewares/csurf.js
@@ -3,7 +3,9 @@ import csurf from 'csurf';
 export default function() {
 const protection = csurf({
 cookie: {
- domain: process.env.COOKIE_DOMAIN || 'localhost'
+ domain: process.env.COOKIE_DOMAIN || 'localhost',
+ sameSite: 'strict',
+ secure: true
 }
 });
 return function csrf(req, res, next) {
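Review bot: The hardened `cookie` block still leaves `httpOnly` at csurf's default of false, so the secret cookie that tokens are derived from remains readable by page script. Assuming no client code reads that cookie directly (the token itself is normally obtained through `req.csrfToken()`), add `httpOnly: true` next to `secure: true`. Separately, `secure: true` is now unconditional while `domain` still falls back to `'localhost'`. A browser that does not treat plain-HTTP localhost as a secure origin will drop the cookie, and every protected request will then fail token validation. If local development runs without TLS, a comment such as `// Secure cookie: local dev must be served over HTTPS` would save the next person a debugging session. The body of the returned `csrf` function lies outside this hunk, so how the token reaches the client could not be checked here.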