diff --git a/driver/config/provider.go b/driver/config/provider.go
index ea029523223..74d4179d7cf 100644
--- a/driver/config/provider.go
+++ b/driver/config/provider.go
@@ -277,7 +277,8 @@ func (p *DefaultProvider) CookieSameSiteMode(ctx context.Context) http.SameSite
 case "strict":
 return http.SameSiteStrictMode
 case "none":
- if p.IsDevelopmentMode(ctx) {
+ if p.IssuerURL(ctx).Scheme != "https" {
+ // SameSite=None can only be set for HTTPS issuers.
 return http.SameSiteLaxMode
 }
 return http.SameSiteNoneMode
diff --git a/driver/config/provider_test.go b/driver/config/provider_test.go
index 7d69eddbd52..f7f3b4aef89 100644
--- a/driver/config/provider_test.go
+++ b/driver/config/provider_test.go
@@ -206,11 +206,20 @@ func TestProviderCookieSameSiteMode(t *testing.T) {
 p.MustSet(ctx, KeyCookieSameSiteMode, "none")
 assert.Equal(t, http.SameSiteNoneMode, p.CookieSameSiteMode(ctx))
 
+ p.MustSet(ctx, KeyCookieSameSiteMode, "lax")
+ assert.Equal(t, http.SameSiteLaxMode, p.CookieSameSiteMode(ctx))
+
+ p.MustSet(ctx, KeyCookieSameSiteMode, "strict")
+ assert.Equal(t, http.SameSiteStrictMode, p.CookieSameSiteMode(ctx))
+
 p = MustNew(context.Background(), l, configx.SkipValidation())
 p.MustSet(ctx, "dev", true)
 assert.Equal(t, http.SameSiteLaxMode, p.CookieSameSiteMode(ctx))
 p.MustSet(ctx, KeyCookieSameSiteMode, "none")
 assert.Equal(t, http.SameSiteLaxMode, p.CookieSameSiteMode(ctx))
+
+ p.MustSet(ctx, KeyIssuerURL, "https://example.com")
+ assert.Equal(t, http.SameSiteNoneMode, p.CookieSameSiteMode(ctx))
 }
 
 func TestViperProviderValidates(t *testing.T) {
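Review bot: The new comment on the `case "none"` branch states the rule imprecisely: browsers reject SameSite=None cookies that lack the Secure attribute, and an HTTPS issuer is the proxy this code uses for "the cookie will be Secure", so the comment should name that dependency rather than present it as a rule about issuers, e.g. `// Browsers drop SameSite=None cookies without the Secure attribute; fall back to Lax unless the issuer is served over HTTPS.` If the Secure flag is ever decided elsewhere (the removed dev-mode check suggests it once was), the two conditions can drift apart, so a pointer to where Secure is set would help the next reader. Separately, `p.IssuerURL(ctx).Scheme` dereferences whatever IssuerURL returns unconditionally; if that accessor can yield a nil *url.URL for an unset or unparsable issuer, this line panics where the old IsDevelopmentMode check did not, and a nil guard returning Lax would be the safe default. CookieSameSiteMode begins before this hunk, so the other cases of the switch are not visible here.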
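Review bot: The dev-mode assertion on the second provider now passes for a reason the test no longer states: after the production change the Lax fallback for "none" is driven by the issuer scheme, not by `p.MustSet(ctx, "dev", true)`, so this check only holds because the default issuer URL presumably is not HTTPS. Make the precondition explicit by adding `p.MustSet(ctx, KeyIssuerURL, "http://example.com")` before `assert.Equal(t, http.SameSiteLaxMode, p.CookieSameSiteMode(ctx))`, so the test documents and pins the plain-HTTP case rather than relying on an implicit default. The final `https://example.com` assertion with dev still true is the useful new case; a sentence-long comment above it saying that dev mode no longer forces Lax would stop a future reader from "fixing" it back. TestProviderCookieSameSiteMode starts before this hunk, so the first provider's issuer setup is not visible here.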