diff --git a/app/main.py b/app/main.py
index 110a3b4..dd73004 100644
--- a/app/main.py
+++ b/app/main.py
@@ -507,7 +507,7 @@ def issue_csrf_cookie(response: RedirectResponse) -> str:
 value=token,
 httponly=False,
 secure=True,
- samesite="strict",
+ samesite="lax",
 max_age=COOKIE_MAX_AGE,
 path="/",
 )
@@ -1846,7 +1846,7 @@ def index(request: Request, user: Optional[User] = Depends(get_current_user), db
 "session_notice": session_notice,
 },
 )
- response.set_cookie(CSRF_COOKIE, csrf, httponly=False, secure=True, samesite="strict", path="/")
+ response.set_cookie(CSRF_COOKIE, csrf, httponly=False, secure=True, samesite="lax", path="/")
 return response
 services = db.scalars(
@@ -2073,7 +2073,7 @@ def login(
 },
 status_code=401,
 )
- response.set_cookie(CSRF_COOKIE, csrf, httponly=False, secure=True, samesite="strict", path="/")
+ response.set_cookie(CSRF_COOKIE, csrf, httponly=False, secure=True, samesite="lax", path="/")
 return response
 if not user_is_valid(user):
 csrf = request.cookies.get(CSRF_COOKIE) or secrets.token_urlsafe(24)
@@ -2086,7 +2086,7 @@ def login(
 },
 status_code=403,
 )
- response.set_cookie(CSRF_COOKIE, csrf, httponly=False, secure=True, samesite="strict", path="/")
+ response.set_cookie(CSRF_COOKIE, csrf, httponly=False, secure=True, samesite="lax", path="/")
 return response
 response = RedirectResponse(url="/", status_code=303)
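Review bot: The relaxation from `samesite="strict"` to `samesite="lax"` is applied in four places (the `issue_csrf_cookie` helper at -507 and the three inline `set_cookie` calls at -1846, -2073 and -2086) with no comment recording why Lax is needed, and the three inline calls repeat the helper's attribute list by hand, which is exactly how the value drifts the next time it changes. Hoist the attribute into a module constant next to `CSRF_COOKIE`, e.g. `CSRF_SAMESITE = "lax"`, and pass `samesite=CSRF_SAMESITE` at all four sites, or route the inline calls through `issue_csrf_cookie` if the absence of `max_age` on them is not intentional. Add a comment at the helper such as `# Lax so the token cookie survives cross-site top-level navigations; the session cookie keeps its own SameSite policy` — the motivation is inferred here, so confirm it before committing the wording. Because the cookie is `httponly=False` it is a client-readable double-submit token, and Lax only keeps that protection if the POST handlers compare the submitted token against this cookie and the session cookie's SameSite attribute was not relaxed alongside it, neither of which is visible in this diff. The enclosing functions `issue_csrf_cookie`, `index` and `login` start and end outside the hunks.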