From acc1c038610a82d8470acde6753716da0dc4b1fa Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Fri, 6 Nov 2020 11:57:14 +0100
Subject: Fix cookies not having a SameSite attribute (#15098)

---
 config/initializers/session_store.rb | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'config/initializers/session_store.rb')

diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
index 3dc0edd6f..e5d1be4c6 100644
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -1,3 +1,7 @@
 # Be sure to restart your server when you modify this file.
 
-Rails.application.config.session_store :cookie_store, key: '_mastodon_session', secure: (Rails.env.production? || ENV['LOCAL_HTTPS'] == 'true')
+Rails.application.config.session_store :cookie_store, {
+  key: '_mastodon_session',
+  secure: (Rails.env.production? || ENV['LOCAL_HTTPS'] == 'true'),
+  same_site: :lax,
+}
-- 
cgit