Merged r21009 from trunk to 4.1-stable (#35226).

git-svn-id: http://svn.redmine.org/redmine/branches/4.1-stable@21038 e93f8b46-1217-0410-a6f0-8f06a7374b81

diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb
index ff8631e901def6099b1549b5f0c3c0bc54fdec91..6ec75eaec92be8b5fb2ea6ba11785c3421c19667 100644 (file)
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -297,6 +297,7 @@ class AccountController < ApplicationController
       :value => token,
       :expires => 1.year.from_now,
       :path => (Redmine::Configuration['autologin_cookie_path'] || RedmineApp::Application.config.relative_url_root || '/'),
+      :same_site => :lax,
       :secure => secure,
       :httponly => true
     }

diff --git a/config/application.rb b/config/application.rb
index 86b695d42dc91123d06a0716fb7510afb827ade6..c40a58046915f235436923363936e69388e8bda2 100644 (file)
--- a/config/application.rb
+++ b/config/application.rb
@@ -79,7 +79,8 @@ module RedmineApp
 
     config.session_store :cookie_store,
       :key => '_redmine_session',
-      :path => config.relative_url_root || '/'
+      :path => config.relative_url_root || '/',
+      :same_site => :lax
 
     if File.exists?(File.join(File.dirname(__FILE__), 'additional_environment.rb'))
       instance_eval File.read(File.join(File.dirname(__FILE__), 'additional_environment.rb'))

diff --git a/public/javascripts/application.js b/public/javascripts/application.js
index e2cd3d1b7ec8223a393e7f943d46fa7ab15ea6ff..d023f5b247a9339a25756a78207e4ab005ba812a 100644 (file)
--- a/public/javascripts/application.js
+++ b/public/javascripts/application.js
@@ -953,7 +953,7 @@ $(document).ready(function(){
 
   $('#history .tabs').on('click', 'a', function(e){
     var tab = $(e.target).attr('id').replace('tab-','');
-    document.cookie = 'history_last_tab=' + tab
+    document.cookie = 'history_last_tab=' + tab + '; SameSite=Lax'
   });
 });