Explicitly set SameSite attribute for cookies
All checks were successful
ci/woodpecker/pr/woodpecker Pipeline was successful
All checks were successful
ci/woodpecker/pr/woodpecker Pipeline was successful
Modern browsers start to tighten down on third-party access to cookies. E.g. in current Firefox, a warning about the userLanguage cookie was shown since it did not yet explicitly set the SameSite attribute and the default is about to change. The cookie name being referred to as BACKEND_LANGUAGE_COOKIE_NAME suggests it should be readable by the actual Akkoma backend, which can live at a different domain than akkoma-fe. Thus explicitly enable sharing with third-party sites. No warnings were shown for other cookies, so I assume this was the only one not yet setting SameSite.
This commit is contained in:
parent
52b0b6f008
commit
ab250c2f3a
1 changed files with 1 additions and 1 deletions
|
@ -229,7 +229,7 @@ const config = {
|
|||
break
|
||||
case 'interfaceLanguage':
|
||||
messages.setLanguage(this.getters.i18n, value)
|
||||
Cookies.set(BACKEND_LANGUAGE_COOKIE_NAME, localeService.internalToBackendLocale(value))
|
||||
Cookies.set(BACKEND_LANGUAGE_COOKIE_NAME, localeService.internalToBackendLocale(value), {sameSite: 'Lax'})
|
||||
dispatch('setInstanceOption', { name: 'interfaceLanguage', value })
|
||||
break
|
||||
case 'thirdColumnMode':
|
||||
|
|
Loading…
Reference in a new issue