haskell-servant / servant

Servant is a Haskell DSL for describing, serving, querying, mocking, documenting web applications and more!
https://docs.servant.dev/

Add SameSite attribute to XSRF token cookie #1662

Closed Minnozz closed 1 year ago

Minnozz commented 1 year ago

It is currently missing, which causes a warning in modern browsers.

By moving it to applyCookieSettings, the value specified in cookieSameSite is used for both the session cookie and the XSRF token cookie.
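
A check for the condition described above, as an added example that is not part of this pull request or of servant's code: it parses a response's `Set-Cookie` headers and reports when the session cookie and the XSRF token cookie do not both carry the same SameSite attribute. The cookie names `JWT-Cookie` and `XSRF-TOKEN` and the sample headers are constructed assumptions; pass the names your application uses.

```python
# Constructed sample headers (not captured from a real server).
BEFORE = [
    "JWT-Cookie=eyJhbGciOi.constructed; Path=/; HttpOnly; Secure; SameSite=Lax",
    "XSRF-TOKEN=c29tZS10b2tlbg==; Path=/; Secure",
]
AFTER = [
    "JWT-Cookie=eyJhbGciOi.constructed; Path=/; HttpOnly; Secure; SameSite=Lax",
    "XSRF-TOKEN=c29tZS10b2tlbg==; Path=/; Secure; SameSite=Lax",
]


def parse_set_cookie(header):
    """Return (name, attrs); attrs maps lowercased attribute names to values."""
    first, *rest = header.split(";")
    name, _, _value = first.strip().partition("=")  # value may itself contain '='
    attrs = {}
    for part in rest:
        key, _, val = part.strip().partition("=")
        if key:
            attrs[key.lower()] = val.strip()
    return name, attrs


def audit_samesite(headers, session_name="JWT-Cookie", xsrf_name="XSRF-TOKEN"):
    """List SameSite findings for the session/XSRF cookie pair of one response."""
    seen = dict(parse_set_cookie(h) for h in headers)
    findings, policies = [], {}
    for name in (session_name, xsrf_name):
        if name not in seen:
            findings.append(f"{name}: cookie not set")
            continue
        policy = seen[name].get("samesite")
        if policy is None:
            findings.append(f"{name}: no SameSite attribute")
        elif policy.lower() not in ("strict", "lax", "none"):
            findings.append(f"{name}: unrecognised SameSite value {policy!r}")
        elif policy.lower() == "none" and "secure" not in seen[name]:
            findings.append(f"{name}: SameSite=None without Secure")
        else:
            policies[name] = policy.lower()
    # Both cookies should carry the one configured value.
    if len(policies) == 2 and len(set(policies.values())) > 1:
        findings.append("session and XSRF cookies use different SameSite values")
    return findings


if __name__ == "__main__":
    for label, headers in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_samesite(headers) or "ok")
```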