From 2feb22d3bdead818eaabbca50a21ead7e85fd0f9 Mon Sep 17 00:00:00 2001 From: Andrey Antukh Date: Tue, 11 Jan 2022 11:54:11 +0100 Subject: [PATCH] :bug: Fix unexpected default cookies behavior on redirecting to penpot. The SameSite=Strict on chrome behaves differently than in Firefox and makes the top-level url redirect not sending cookies if the user is redirected from other page to penpot. The SameSite=Lax fixes the issue. --- CHANGES.md | 1 + backend/src/app/http/session.clj | 4 +--- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 16b3aafd8..84c2fd03c 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -42,6 +42,7 @@ - Improved behaviour on text options when not text is selected [Taiga #2390](https://tree.taiga.io/project/penpot/issue/2390) - Fix decimal numbers in export viewbox [Taiga #2290](https://tree.taiga.io/project/penpot/issue/2290) - Right click over artboard name to open its menu [Taiga #1679](https://tree.taiga.io/project/penpot/issue/1679) +- Make the default session cookue use SameSite=Lax instead of Strict (causes some issues in latest versions of Chrome). ### :arrow_up: Deps updates diff --git a/backend/src/app/http/session.clj b/backend/src/app/http/session.clj index f341f91da..e6191cf56 100644 --- a/backend/src/app/http/session.clj +++ b/backend/src/app/http/session.clj @@ -58,9 +58,7 @@ (assoc response :cookies {cookie-name {:path "/" :http-only true :value id - :same-site (cond (not secure?) :lax - cors? :none - :else :strict) + :same-site (if cors? :none :lax) :secure secure?}}))) (defn- clear-cookies
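Review bot: the added CHANGES.md entry has a typo, "cookue" should be "cookie". The parenthetical "causes some issues in latest versions of Chrome" is also vaguer than the commit message; saying that Strict makes Chrome omit the session cookie when the user is redirected to penpot from another page would tell operators what symptom this entry addresses.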
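Review bot: in session.clj, `:same-site (if cors? :none :lax)` drops the `(not secure?) :lax` guard that the old cond checked first, so with cors? true and secure? false the cookie is now emitted as SameSite=None while `:secure` is false. Chrome rejects a SameSite=None cookie that lacks the Secure attribute, so that configuration would lose its session cookie altogether. Suggest `(if (and cors? secure?) :none :lax)`, or keeping the cond and changing only its `:else` branch to `:lax`. Because Lax also sends the cookie on cross-site top-level GET navigations, a short comment at this line recording why Strict was dropped would help the next reader.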