Add sameSite policy in cookie management in server side

author: Féry Mathieu (Mathius) <ferymathieuy@gmail.com> 2022-02-22 18:57:21 +0100
committer: Féry Mathieu (Mathius) <ferymathieuy@gmail.com> 2022-02-22 18:57:21 +0100
commit: 09a585c93bb28a49c9538b47803bb5341e9f928b (patch)
tree: cfd912e5aa2bf0e1c4139d8a6b108a064b46b445 /src
parent: 8e4959a62138a67b07ae998175f46cc42ac9e239 (diff)
download: invidious-09a585c93bb28a49c9538b47803bb5341e9f928b.tar.gz
invidious-09a585c93bb28a49c9538b47803bb5341e9f928b.tar.bz2
invidious-09a585c93bb28a49c9538b47803bb5341e9f928b.zip
1 files changed, 4 insertions, 2 deletions
diff --git a/src/invidious/user/cookies.cr b/src/invidious/user/cookies.cr
index 367f700f..65e079ec 100644
--- a/src/invidious/user/cookies.cr
+++ b/src/invidious/user/cookies.cr
@@ -17,7 +17,8 @@ struct Invidious::User
         value: sid,
         expires: Time.utc + 2.years,
         secure: SECURE,
-        http_only: true
+        http_only: true,
+        samesite: HTTP::Cookie::SameSite::Strict
       )
     end
 
@@ -30,7 +31,8 @@ struct Invidious::User
         value: URI.encode_www_form(preferences.to_json),
         expires: Time.utc + 2.years,
         secure: SECURE,
-        http_only: false
+        http_only: false,
+        samesite: HTTP::Cookie::SameSite::Strict
       )
     end
   end
author	Féry Mathieu (Mathius) <ferymathieuy@gmail.com>	2022-02-22 18:57:21 +0100
committer	Féry Mathieu (Mathius) <ferymathieuy@gmail.com>	2022-02-22 18:57:21 +0100
commit	09a585c93bb28a49c9538b47803bb5341e9f928b (patch)
tree	cfd912e5aa2bf0e1c4139d8a6b108a064b46b445 /src
parent	8e4959a62138a67b07ae998175f46cc42ac9e239 (diff)
download	invidious-09a585c93bb28a49c9538b47803bb5341e9f928b.tar.gz invidious-09a585c93bb28a49c9538b47803bb5341e9f928b.tar.bz2 invidious-09a585c93bb28a49c9538b47803bb5341e9f928b.zip