Set samesite=strict for all cookies

2025-06-22 02:18:26 +00:00 · 2022-02-27 22:57:31 +01:00
parent aa7fd5d504
commit f22f0150e8
3 changed files with 6 additions and 3 deletions
--- a/modules/restserver/src/main/scala/docspell/restserver/auth/CookieData.scala
+++ b/modules/restserver/src/main/scala/docspell/restserver/auth/CookieData.scala
@ -26,7 +26,8 @@ case class CookieData(auth: AuthToken) {
      domain = None,
      path = Some(path.asString),
      httpOnly = true,
-      secure = sec
+      secure = sec,
+      sameSite = Some(SameSite.Strict)
    )
  }

--- a/modules/restserver/src/main/scala/docspell/restserver/auth/RememberCookieData.scala
+++ b/modules/restserver/src/main/scala/docspell/restserver/auth/RememberCookieData.scala
@ -24,7 +24,8 @@ case class RememberCookieData(token: RememberToken) {
      path = Some(path.asString),
      httpOnly = true,
      secure = sec,
-      maxAge = Some(config.valid.seconds)
+      maxAge = Some(config.valid.seconds),
+      sameSite = Some(SameSite.Strict)
    )
  }

--- a/modules/restserver/src/main/scala/docspell/restserver/auth/ShareCookieData.scala
+++ b/modules/restserver/src/main/scala/docspell/restserver/auth/ShareCookieData.scala
@ -26,7 +26,8 @@ final case class ShareCookieData(token: ShareToken) {
      httpOnly = true,
      secure = sec,
      maxAge = None,
-      expires = None
+      expires = None,
+      sameSite = Some(SameSite.Strict)
    )
  }