Add sameSite policy in cookie management in server side

This commit is contained in:
Féry Mathieu (Mathius) 2022-02-22 18:57:21 +01:00
parent 8e4959a621
commit 09a585c93b
No known key found for this signature in database
GPG key ID: F9CCC80C18A59037

View file

@ -17,7 +17,8 @@ struct Invidious::User
value: sid,
expires: Time.utc + 2.years,
secure: SECURE,
http_only: true
http_only: true,
samesite: HTTP::Cookie::SameSite::Strict
)
end
@ -30,7 +31,8 @@ struct Invidious::User
value: URI.encode_www_form(preferences.to_json),
expires: Time.utc + 2.years,
secure: SECURE,
http_only: false
http_only: false,
samesite: HTTP::Cookie::SameSite::Strict
)
end
end