✨ Add the ability to set :string for cookie same-site

By configuration. The default is :lax (unchanged)
2025-03-17 18:21:23 -05:00 · 2024-03-05 19:44:09 +01:00 · 2024-03-05 19:44:09 +01:00 · 1bc4001e70
commit 1bc4001e70
parent 07b8a2a6e6
1 changed files with 2 additions and 1 deletions
--- a/backend/src/app/http/session.clj
+++ b/backend/src/app/http/session.clj
@ -248,6 +248,7 @@
        renewal    (dt/plus created-at default-renewal-max-age)
        expires    (dt/plus created-at max-age)
        secure?    (contains? cf/flags :secure-session-cookies)
+        strict?    (contains? cf/flags :strict-session-cookies)
        cors?      (contains? cf/flags :cors)
        name       (cf/get :auth-token-cookie-name default-auth-token-cookie-name)
        comment    (str "Renewal at: " (dt/format-instant renewal :rfc1123))
@ -256,7 +257,7 @@
                    :expires expires
                    :value token
                    :comment comment
-                    :same-site (if cors? :none :lax)
+                    :same-site (if cors? :none (if strict? :strict :lax))
                    :secure secure?}]
    (update response :cookies assoc name cookie)))