snikket-im / snikket-web-portal

This is the web portal for Snikket Chat services. To learn more about what Snikket Chat services are, check the website.
https://snikket.org
GNU Affero General Public License v3.0

Explicitly set cookie SameSite attribute to Lax #187

Closed mwild1 closed 4 months ago

mwild1 commented 4 months ago

With 'Secure' set, it may default to 'None', which we don't need or want.

'Strict' is not suitable for session cookies - the user would see the login screen when navigating from another site (e.g. hosting dashboard) and we already have CSRF protection on forms.
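
The trade-off described in the comment above, as an added example (not code from this pull request or from snikket-web-portal): a simplified model of when a browser attaches a session cookie under each SameSite mode. The headers, cookie name and scenario labels are constructed for illustration, and the model ignores browser-specific exceptions.

```python
SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}
BASE = "session=PLACEHOLDER; Path=/; HttpOnly; Secure"

# Constructed Set-Cookie headers; cookie name and value are placeholders.
HEADERS = {
    "Lax": BASE + "; SameSite=Lax",
    "Strict": BASE + "; SameSite=Strict",
    "None": BASE + "; SameSite=None",
    "unset": BASE,
}

# Scenario label -> (cross_site, top_level_navigation, method)
SCENARIOS = {
    "link from another site": (True, True, "GET"),
    "cross-site form POST": (True, True, "POST"),
    "cross-site subresource": (True, False, "GET"),
    "same-site request": (False, True, "POST"),
}


def samesite_of(header):
    """Return 'Strict', 'Lax' or 'None' (strings), or Python None if absent/unknown."""
    for attr in header.split(";")[1:]:
        key, _, value = attr.partition("=")
        if key.strip().lower() == "samesite":
            value = value.strip().capitalize()
            return value if value in {"Strict", "Lax", "None"} else None
    return None


def cookie_sent(mode, cross_site, top_level, method):
    """True/False if the cookie is attached; None if it depends on the browser."""
    if not cross_site:
        return True
    if mode is None:  # attribute absent: the browser's default decides
        return None
    if mode == "None":
        return True
    if mode == "Lax":  # only top-level navigations using a safe method
        return top_level and method in SAFE_METHODS
    return False  # Strict: never attached to cross-site requests


def behaviour(header):
    mode = samesite_of(header)
    return {label: cookie_sent(mode, *args) for label, args in SCENARIOS.items()}


if __name__ == "__main__":
    for name, header in HEADERS.items():
        print(f"{name:>6}: {behaviour(header)}")
```

In this model, the "link from another site" row is the hosting-dashboard case from the comment: Lax keeps the session there while still withholding the cookie from cross-site POSTs and subresource loads.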