From 6e26ac10a36354c2a08ccddd0fd2df658aba5e4b Mon Sep 17 00:00:00 2001
From: Hakurei Reimu <admin@marchgenso.me>
Date: Mon, 15 Apr 2019 12:33:46 +0800
Subject: [PATCH] make Pleroma.Endpoint use extra_cookie_attrs in config

---
 lib/pleroma/web/endpoint.ex | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)

diff --git a/lib/pleroma/web/endpoint.ex b/lib/pleroma/web/endpoint.ex
index 1633477c3..7f939991d 100644
--- a/lib/pleroma/web/endpoint.ex
+++ b/lib/pleroma/web/endpoint.ex
@@ -58,14 +58,9 @@ defmodule Pleroma.Web.Endpoint do
       do: "__Host-pleroma_key",
       else: "pleroma_key"
 
-  same_site =
-    if Pleroma.Config.oauth_consumer_enabled?() do
-      # Note: "SameSite=Strict" prevents sign in with external OAuth provider
-      #   (there would be no cookies during callback request from OAuth provider)
-      "SameSite=Lax"
-    else
-      "SameSite=Strict"
-    end
+  extra =
+    Pleroma.Config.get([__MODULE__, :extra_cookie_attrs])
+    |> Enum.join(";")
 
   # The session will be stored in the cookie and signed,
   # this means its contents can be read but not tampered with.
@@ -77,7 +72,7 @@ defmodule Pleroma.Web.Endpoint do
     signing_salt: {Pleroma.Config, :get, [[__MODULE__, :signing_salt], "CqaoopA2"]},
     http_only: true,
     secure: secure_cookies,
-    extra: same_site
+    extra: extra
   )
 
   # Note: the plug and its configuration is compile-time this can't be upstreamed yet