fix: Use SameSite=Lax for session cookie

Ginger
2026-04-30 12:22:56 -04:00
parent 6f17868525
commit 2ef8a1edd7
+6 -2
@@ -10,7 +10,7 @@ use axum::{
use conduwuit_service::{Services, state};
use tower_http::{catch_panic::CatchPanicLayer, set_header::SetResponseHeaderLayer};
use tower_sec_fetch::SecFetchLayer;
use tower_sessions::{ExpiredDeletion, SessionManagerLayer};
use tower_sessions::{ExpiredDeletion, SessionManagerLayer, cookie::SameSite};
use crate::{
pages::TemplateContext,
@@ -134,7 +134,11 @@ pub fn build(services: &Services) -> Router<state::State> {
.merge(threepid::build())
.fallback(async || WebError::NotFound),
)
.layer(SessionManagerLayer::new(store).with_name("_c10y_session"))
.layer(
SessionManagerLayer::new(store)
.with_name("_c10y_session")
.with_same_site(SameSite::Lax),
)
.layer(CatchPanicLayer::custom(|panic: Box<dyn Any + Send + 'static>| {
let details = if let Some(s) = panic.downcast_ref::<String>() {
s.clone()
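Review bot: The `.with_same_site(SameSite::Lax)` call added in `build` relaxes the session cookie policy without a comment saying why, and the commit title does not give the reason either. As far as I know tower-sessions defaults to `SameSite::Strict`, so after this change the `_c10y_session` cookie accompanies cross-site top-level GET navigations; every GET handler merged into this router therefore has to be free of side effects, with state changes kept behind POST. I would add above the call something like `// Lax instead of the default Strict because <reason>; the cookie is now sent on cross-site top-level GETs, so GET routes must not change state.` Whether `SecFetchLayer` (imported at the top of the file) wraps these routes is not visible here, and `build` continues outside the hunk, so it is worth confirming that layer covers all of the merged routers.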