feat: update SameSite policy of session cookie to Lax (#3650)

* update session cookie samesite policy to lax * set cookie samesite policy based on csrf protection setting
8 months ago · 628a3d36f8
parent 8d9c808e90
commit 628a3d36f8
1 changed files with 1 additions and 1 deletions
--- a/server/index.ts
+++ b/server/index.ts
@ -166,7 +166,7 @@ app
        cookie: {
          maxAge: 1000 * 60 * 60 * 24 * 30,
          httpOnly: true,
-          sameSite: true,
+          sameSite: settings.main.csrfProtection ? 'strict' : 'lax',
          secure: 'auto',
        },
        store: new TypeormStore({