feat: update SameSite policy of session cookie to Lax (#3650)

* update session cookie samesite policy to lax * set cookie samesite policy based on csrf protection setting
Fallenbagel · Oct 18, 2023 · c84ca43 · c84ca43
1 parent e2771a3
commit c84ca43
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/server/index.ts b/server/index.ts
@@ -152,7 +152,7 @@ app
         cookie: {
           maxAge: 1000 * 60 * 60 * 24 * 30,
           httpOnly: true,
-          sameSite: true,
+          sameSite: settings.main.csrfProtection ? 'strict' : 'lax',
           secure: 'auto',
         },
         store: new TypeormStore({