diff --git a/.gitignore b/.gitignore
index a7f372d..e26945a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,3 +9,4 @@ phpstan.neon
 testbench.yaml
 vendor
 node_modules
+.DS_Store
diff --git a/routes/api.php b/routes/api.php
index d9453c4..c7a5d5a 100644
--- a/routes/api.php
+++ b/routes/api.php
@@ -1,6 +1,7 @@ withoutMiddleware(\App\Http\Middleware\VerifyCsrfToken::class);
+
+Route::get('_native/api/cookie', CreateSecurityCookieController::class);
diff --git a/src/Http/Controllers/CreateSecurityCookieController.php b/src/Http/Controllers/CreateSecurityCookieController.php
new file mode 100644
index 0000000..97d1410
--- /dev/null
+++ b/src/Http/Controllers/CreateSecurityCookieController.php
@@ -0,0 +1,22 @@
+get('secret') !== config('native-php.secret')) {
+ return abort(403);
+ }
+
+ return redirect('/')->cookie(cookie(
+ name: '_php_native',
+ value: config('native-php.secret'),
+ domain: 'localhost',
+ httpOnly: true,
+ ));
+ }
+}
diff --git a/src/Http/Middleware/PreventRegularBrowserAccess.php b/src/Http/Middleware/PreventRegularBrowserAccess.php
index 4241f88..3e79885 100644
--- a/src/Http/Middleware/PreventRegularBrowserAccess.php
+++ b/src/Http/Middleware/PreventRegularBrowserAccess.php
@@ -9,6 +9,11 @@ class PreventRegularBrowserAccess
 {
 public function handle(Request $request, Closure $next)
 {
+ // Explicitly skip for the cookie-setting route
+ if ($request->path() === '_native/api/cookie') {
+ return $next($request);
+ }
+
 $cookie = $request->cookie('_php_native');
 $header = $request->header('X-Native-PHP-Secret');
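Review bot: The secret check in CreateSecurityCookieController, `$request->get('secret') !== config('native-php.secret')`, is a plain string comparison on the value that is the only gate for this route (the PreventRegularBrowserAccess hunk skips `_native/api/cookie` before it reads the cookie or header), so it should be a constant-time compare that also rejects a missing config value and non-string input, as in the excerpt below. `abort()` throws, so the `return` in front of it is dead and can be dropped. Since the secret arrives in a GET query string it will land in access logs and browser history; if that is accepted for a localhost-only route, a one-line comment on the method saying so would help the next reader. The head of this new file (`<?php` header, namespace, `use` lines, class and method signature) is not visible in this view, so the first hunk line appears truncated as `+get('secret')`.

```php
// … unchanged: class declaration and method signature …
$expected = config('native-php.secret');
$provided = $request->get('secret');
// Constant-time compare; also fails closed when the secret is unset or the input is not a string.
if (!is_string($expected) || !is_string($provided) || !hash_equals($expected, $provided)) {
    abort(403);
}
// … unchanged: redirect('/')->cookie(cookie(...)) …
```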