From 1bc4001e70c9bc4ea72019bd261de17e48f1dc14 Mon Sep 17 00:00:00 2001
From: Andrey Antukh
Date: Tue, 5 Mar 2024 19:44:09 +0100
Subject: [PATCH] :sparkles: Add the ability to set :string for cookie same-site

By configuration. The default is :lax (unchanged)
---
 backend/src/app/http/session.clj | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/backend/src/app/http/session.clj b/backend/src/app/http/session.clj
index 696cc6a3a..7ff6dfa01 100644
--- a/backend/src/app/http/session.clj
+++ b/backend/src/app/http/session.clj
@@ -248,6 +248,7 @@
 renewal (dt/plus created-at default-renewal-max-age)
 expires (dt/plus created-at max-age)
 secure? (contains? cf/flags :secure-session-cookies)
+ strict? (contains? cf/flags :strict-session-cookies)
 cors? (contains? cf/flags :cors)
 name (cf/get :auth-token-cookie-name default-auth-token-cookie-name)
 comment (str "Renewal at: " (dt/format-instant renewal :rfc1123))
@@ -256,7 +257,7 @@
 :expires expires
 :value token
 :comment comment
- :same-site (if cors? :none :lax)
+ :same-site (if cors? :none (if strict? :strict :lax))
 :secure secure?}]
 (update response :cookies assoc name cookie)))
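Review bot: In the second hunk the new `:strict-session-cookies` flag is silently ignored whenever the `:cors` flag is also set, because `cors?` is tested first and forces `:none`; an operator who enables both will believe the session cookie is SameSite=Strict when it is actually SameSite=None, and nothing in the code or the commit records that precedence. At minimum add a comment on the new line, e.g. `;; :cors wins: cross-site requests need SameSite=None, so :strict-session-cookies has no effect while :cors is set`, and consider logging a warning at startup when both flags are enabled so the weaker setting is visible rather than inferred. It is also worth stating in the config documentation that `:strict` means the cookie is not sent on top-level navigations from other sites, so users following an external link arrive without a session. The `let` containing these bindings begins before the first hunk; the commit subject's `:string` appears to be a typo for `:strict`.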