diff --git a/EventListener/AngularCsrfCookieListener.php b/EventListener/AngularCsrfCookieListener.php
index f24d34a..e780f64 100644
--- a/EventListener/AngularCsrfCookieListener.php
+++ b/EventListener/AngularCsrfCookieListener.php
@@ -102,7 +102,9 @@ public function onKernelResponse(FilterResponseEvent $event)
 $this->cookiePath,
 $this->cookieDomain,
 $this->cookieSecure,
- false
+ false /* httpOnly */,
+ false /* raw */,
+ Cookie::SAMESITE_LAX
 ));
 }
 }
diff --git a/appveyor.yml b/appveyor.yml
index 72d34b8..aee87de 100644
--- a/appveyor.yml
+++ b/appveyor.yml
@@ -10,7 +10,7 @@ init:
 install:
 - ps: Set-Service wuauserv -StartupType Manual
- - cinst -y php
+ - cinst -y php --version 7.2.17
 - cd c:\tools\php72
 - copy php.ini-production php.ini /Y
 - echo date.timezone="UTC" >> php.ini
diff --git a/spec/Dunglas/AngularCsrfBundle/DependencyInjection/DunglasAngularCsrfExtensionSpec.php b/spec/Dunglas/AngularCsrfBundle/DependencyInjection/DunglasAngularCsrfExtensionSpec.php
index a2a93ca..db15726 100644
--- a/spec/Dunglas/AngularCsrfBundle/DependencyInjection/DunglasAngularCsrfExtensionSpec.php
+++ b/spec/Dunglas/AngularCsrfBundle/DependencyInjection/DunglasAngularCsrfExtensionSpec.php
@@ -60,6 +60,11 @@ public function it_loads(ContainerBuilder $container, ParameterBagInterface $par
 $container->addResource(Argument::type('Symfony\Component\Config\Resource\FileResource'))->shouldBeCalled();
 }
+ if (method_exists('Symfony\Component\DependencyInjection\ContainerBuilder', 'addRemovedBindingIds')) {
+ // Added in Symfony v4.2.6 and v3.4.25
+ $container->addRemovedBindingIds(Argument::type('string'))->willReturn(null);
+ }
+
 $container->getParameterBag()->willReturn($parameterBag)->shouldBeCalled();
 $container->hasExtension('http://symfony.com/schema/dic/services')->willReturn(false)->shouldBeCalled();
 $container->setParameter('dunglas_angular_csrf.token.id', $configs['dunglas_angular_csrf']['token']['id'])->shouldBeCalled();
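Review bot: In the EventListener/AngularCsrfCookieListener.php hunk the SameSite value is hard-coded as `Cookie::SAMESITE_LAX`, while the path, domain and secure flag beside it come from `$this->cookiePath`, `$this->cookieDomain` and `$this->cookieSecure`; a deployment that wants a stricter policy cannot set one without patching the listener. Consider taking it as one more constructor argument that defaults to `Cookie::SAMESITE_LAX`. The constant and the extra constructor parameters also need an HttpFoundation release with SameSite support, so if the bundle's dependency constraint (not visible here) still admits older releases, this call would fail there. I would also replace the bare `/* httpOnly */` label with the reason, e.g. `// httpOnly stays false: the Angular client has to read this cookie from JavaScript`. The body of onKernelResponse starts above the hunk.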
diff --git a/spec/Dunglas/AngularCsrfBundle/EventListener/AngularCsrfCookieListenerSpec.php b/spec/Dunglas/AngularCsrfBundle/EventListener/AngularCsrfCookieListenerSpec.php
index c1f0982..e45d8ea 100644
--- a/spec/Dunglas/AngularCsrfBundle/EventListener/AngularCsrfCookieListenerSpec.php
+++ b/spec/Dunglas/AngularCsrfBundle/EventListener/AngularCsrfCookieListenerSpec.php
@@ -79,7 +79,10 @@ public function it_sets_cookie_when_it_does(
 Response $response,
 ResponseHeaderBag $headers
 ) {
- $headers->setCookie(Argument::type('Symfony\Component\HttpFoundation\Cookie'));
+ $headers->setCookie(Argument::allOf(
+ Argument::type('Symfony\Component\HttpFoundation\Cookie'),
+ Argument::which('getSameSite', 'lax')
+ ))->shouldBeCalled();
 $response->headers = $headers;
 $event->getRequestType()->willReturn(HttpKernelInterface::MASTER_REQUEST)->shouldBeCalled();
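Review bot: The matcher in it_sets_cookie_when_it_does pins only the SameSite attribute, so the two positional `false` values the listener passes for httpOnly and raw remain unchecked; a slip in the order of that long positional constructor call would still pass this spec. Adding `Argument::which('isHttpOnly', false)` to the `Argument::allOf(...)` list would cover the flag that decides whether the client can read the token cookie. The expected value could also be written as `Cookie::SAMESITE_LAX` rather than the literal `'lax'`, so the spec and the listener cannot drift apart. The method body continues past the end of the hunk.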