feat: update SameSite policy of session cookie to Lax (#3650)

* update session cookie samesite policy to lax * set cookie samesite policy based on csrf protection setting
2025-09-30 15:40:40 +02:00 · 2023-10-18 17:05:22 +02:00
parent e2771a3011
commit c84ca43074
1 changed files with 1 additions and 1 deletions
--- a/server/index.ts
+++ b/server/index.ts
@@ -152,7 +152,7 @@ app
        cookie: {
          maxAge: 1000 * 60 * 60 * 24 * 30,
          httpOnly: true,
-          sameSite: true,
+          sameSite: settings.main.csrfProtection ? 'strict' : 'lax',
          secure: 'auto',
        },
        store: new TypeormStore({