From 09a585c93bb28a49c9538b47803bb5341e9f928b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?F=C3=A9ry=20Mathieu=20=28Mathius=29?=
Date: Tue, 22 Feb 2022 18:57:21 +0100
Subject: [PATCH] Add sameSite policy in cookie management in server side

---
 src/invidious/user/cookies.cr | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/invidious/user/cookies.cr b/src/invidious/user/cookies.cr
index 367f700f..65e079ec 100644
--- a/src/invidious/user/cookies.cr
+++ b/src/invidious/user/cookies.cr
@@ -17,7 +17,8 @@ struct Invidious::User
 value: sid,
 expires: Time.utc + 2.years,
 secure: SECURE,
- http_only: true
+ http_only: true,
+ samesite: HTTP::Cookie::SameSite::Strict
 )
 end
 
@@ -30,7 +31,8 @@ struct Invidious::User
 value: URI.encode_www_form(preferences.to_json),
 expires: Time.utc + 2.years,
 secure: SECURE,
- http_only: false
+ http_only: false,
+ samesite: HTTP::Cookie::SameSite::Strict
 )
 end
 end
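Review bot: `SameSite::Strict` on the session cookie in the first hunk (`value: sid`) also withholds the cookie on top-level navigations from other sites, so a user who follows an external link to the instance gets that first page as logged out; the second hunk has the same effect on the preferences cookie, whose stored settings would not apply to that first request. If this is intended, a comment above each `samesite:` line should record it, for example `# Strict: never sent on cross-site requests, including link navigations`. If it is not, `samesite: HTTP::Cookie::SameSite::Lax` still keeps the cookie off cross-site POSTs and subresource requests while allowing link navigations. SameSite is scoped to the site rather than the origin, so it should be treated as defence in depth next to request-level CSRF checks, not a replacement for them. Both `HTTP::Cookie.new` calls begin outside the hunks, so the `name:` and `domain:` arguments are not visible here.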