diff --git a/src/routes/csrf_protection.ts b/src/routes/csrf_protection.ts
index aadd02100..0c7968af8 100644
--- a/src/routes/csrf_protection.ts
+++ b/src/routes/csrf_protection.ts
@@ -6,8 +6,8 @@ const doubleCsrfUtilities = doubleCsrf({
     cookieOptions: {
         path: "", // empty, so cookie is valid only for the current path
         secure: false,
-        sameSite: false,
-        httpOnly: false
+        sameSite: "strict",
+        httpOnly: true
     },
     cookieName: "_csrf"
 });
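Review bot: `secure: false` is left unchanged in the same cookieOptions block, so the `_csrf` cookie is still emitted without the Secure attribute and can be sent over plaintext HTTP; now that sameSite and httpOnly are hardened this is the remaining weak attribute, and it should become `secure: true` (or be derived from the environment, e.g. `secure: process.env.NODE_ENV === "production",` if local development runs without TLS). `httpOnly: true` is only compatible with the double-submit flow if the client obtains the token through the library's generateToken helper rather than by reading the cookie from script — worth confirming against the front-end and recording in a comment such as `// token is delivered via generateToken, so the cookie never needs to be script-readable`. The `path: ""` comment describes the browser default-path rule; if that is intentional it would help to say so explicitly, since an empty path is easy to mistake for a typo. The `doubleCsrf({...})` call begins before the hunk.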