From 1bc4001e70c9bc4ea72019bd261de17e48f1dc14 Mon Sep 17 00:00:00 2001
From: Andrey Antukh <niwi@niwi.nz>
Date: Tue, 5 Mar 2024 19:44:09 +0100
Subject: [PATCH] :sparkles: Add the ability to set :string for cookie
 same-site

By configuration. The default is :lax (unchanged)
---
 backend/src/app/http/session.clj | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/backend/src/app/http/session.clj b/backend/src/app/http/session.clj
index 696cc6a3a..7ff6dfa01 100644
--- a/backend/src/app/http/session.clj
+++ b/backend/src/app/http/session.clj
@@ -248,6 +248,7 @@
         renewal    (dt/plus created-at default-renewal-max-age)
         expires    (dt/plus created-at max-age)
         secure?    (contains? cf/flags :secure-session-cookies)
+        strict?    (contains? cf/flags :strict-session-cookies)
         cors?      (contains? cf/flags :cors)
         name       (cf/get :auth-token-cookie-name default-auth-token-cookie-name)
         comment    (str "Renewal at: " (dt/format-instant renewal :rfc1123))
@@ -256,7 +257,7 @@
                     :expires expires
                     :value token
                     :comment comment
-                    :same-site (if cors? :none :lax)
+                    :same-site (if cors? :none (if strict? :strict :lax))
                     :secure secure?}]
     (update response :cookies assoc name cookie)))