From c84ca4307465af4278f3dad5cf9c2b8cbae3fada Mon Sep 17 00:00:00 2001
From: RemiRigal
Date: Wed, 18 Oct 2023 17:05:22 +0200
Subject: [PATCH] feat: update SameSite policy of session cookie to Lax (#3650)

* update session cookie samesite policy to lax
* set cookie samesite policy based on csrf protection setting
---
 server/index.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/index.ts b/server/index.ts
index b426f0f3..10ca1032 100644
--- a/server/index.ts
+++ b/server/index.ts
@@ -152,7 +152,7 @@ app
 cookie: {
 maxAge: 1000 * 60 * 60 * 24 * 30,
 httpOnly: true,
- sameSite: true,
+ sameSite: settings.main.csrfProtection ? 'strict' : 'lax',
 secure: 'auto',
 },
 store: new TypeormStore({
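Review bot: On the `sameSite` line, the weaker `'lax'` value is selected exactly when `settings.main.csrfProtection` is off, so in that configuration SameSite is the only cross-site request defence left, and it still sends the session cookie on top-level cross-site GET navigations. That is safe only if no GET route changes state, which this hunk cannot show; a comment here should record the assumption, e.g. `// 'lax' without CSRF tokens: cookie is sent on cross-site top-level GETs, so GET routes must stay side-effect free`. The expression also appears to be evaluated once when the session middleware is configured, so toggling the setting would presumably not change the cookie policy until a restart, which is worth stating in the same comment or in the settings documentation. The enclosing `app` middleware chain starts and ends outside the hunk.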