Add missing SameSite settings for the i_like_gitea cookie (#16037)

The i_like_gitea cookie appears to be missing the SameSite settings. I think they
were present at some point but may have been removed in a merge.

This PR ensures that they are set.

Fix #15972

Signed-off-by: Andrew Thornton <art27@cantab.net>

diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index 5656730608151e1631053b5f69b5457b30510464..f3efd67bb3e10ea7c853ac527048914293a1ec21 100644 (file)
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -557,6 +557,7 @@ func Routes() *web.Route {
                Gclifetime:     setting.SessionConfig.Gclifetime,
                Maxlifetime:    setting.SessionConfig.Maxlifetime,
                Secure:         setting.SessionConfig.Secure,
+               SameSite:       setting.SessionConfig.SameSite,
                Domain:         setting.SessionConfig.Domain,
        }))
        m.Use(securityHeaders())

diff --git a/routers/routes/install.go b/routers/routes/install.go
index 18e74f005fa6d875f020a8914cecc1978b9ae52c..2a2c8f1d2b5ae61aec1ec86faba33e877db5412f 100644 (file)
--- a/routers/routes/install.go
+++ b/routers/routes/install.go
@@ -94,6 +94,7 @@ func InstallRoutes() *web.Route {
                Gclifetime:     setting.SessionConfig.Gclifetime,
                Maxlifetime:    setting.SessionConfig.Maxlifetime,
                Secure:         setting.SessionConfig.Secure,
+               SameSite:       setting.SessionConfig.SameSite,
                Domain:         setting.SessionConfig.Domain,
        }))
 

diff --git a/routers/routes/web.go b/routers/routes/web.go
index cc65ad6d9fcdb758fed76f481bbf056377d6b168..6d91eb1b3c80edee5f7925ede8cd49e610571519 100644 (file)
--- a/routers/routes/web.go
+++ b/routers/routes/web.go
@@ -161,6 +161,7 @@ func WebRoutes() *web.Route {
                Gclifetime:     setting.SessionConfig.Gclifetime,
                Maxlifetime:    setting.SessionConfig.Maxlifetime,
                Secure:         setting.SessionConfig.Secure,
+               SameSite:       setting.SessionConfig.SameSite,
                Domain:         setting.SessionConfig.Domain,
        }))