From be6eff6c23639969adac29fcca26f45a8a300b1e Mon Sep 17 00:00:00 2001
From: Go MAEDA
Date: Wed, 16 Jun 2021 14:17:46 +0000
Subject: [PATCH] Merged r21009 from trunk to 4.1-stable (#35226).

git-svn-id: http://svn.redmine.org/redmine/branches/4.1-stable@21038 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/controllers/account_controller.rb | 1 +
 config/application.rb | 3 ++-
 public/javascripts/application.js | 2 +-
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb
index ff8631e90..6ec75eaec 100644
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -297,6 +297,7 @@ class AccountController < ApplicationController
 :value => token,
 :expires => 1.year.from_now,
 :path => (Redmine::Configuration['autologin_cookie_path'] || RedmineApp::Application.config.relative_url_root || '/'),
+ :same_site => :lax,
 :secure => secure,
 :httponly => true
 }
diff --git a/config/application.rb b/config/application.rb
index 86b695d42..c40a58046 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -79,7 +79,8 @@ module RedmineApp
 config.session_store :cookie_store,
 :key => '_redmine_session',
- :path => config.relative_url_root || '/'
+ :path => config.relative_url_root || '/',
+ :same_site => :lax
 if File.exists?(File.join(File.dirname(__FILE__), 'additional_environment.rb'))
 instance_eval File.read(File.join(File.dirname(__FILE__), 'additional_environment.rb'))
diff --git a/public/javascripts/application.js b/public/javascripts/application.js
index e2cd3d1b7..d023f5b24 100644
--- a/public/javascripts/application.js
+++ b/public/javascripts/application.js
@@ -953,7 +953,7 @@ $(document).ready(function(){
 $('#history .tabs').on('click', 'a', function(e){
 var tab = $(e.target).attr('id').replace('tab-','');
- document.cookie = 'history_last_tab=' + tab
+ document.cookie = 'history_last_tab=' + tab + '; SameSite=Lax'
 });
 });
-- 
2.39.5
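Review bot: `:same_site => :lax` is hard-coded in the autologin cookie hash, while the neighbouring `:path` is read from configuration, and nothing in the hunk records why Lax was chosen over Strict. Lax still sends the cookie on cross-site top-level GET navigations, so it narrows exposure for cross-site POSTs and subrequests but does not replace the existing request-forgery checks. A short comment would record that, for example `# Lax: withheld on cross-site POSTs/subrequests, still sent when following a link into Redmine`. The diffstat lists no test file, so a functional test asserting `SameSite=Lax` on the autologin `Set-Cookie` header would keep this from regressing. The hash and its enclosing method begin outside the hunk.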
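Review bot: The new `:same_site => :lax` option is set just before `additional_environment.rb` is evaluated, so an installation that calls `config.session_store` again in that file would lose the attribute without any warning. That assumes a second call replaces the earlier options rather than merging them, which is the usual Rails behaviour. A comment above the call would flag it: `# Overriding config.session_store in additional_environment.rb replaces these options; repeat :same_site => :lax there`. The upgrade notes are the other place to say so. The `if` block continues past the end of the hunk.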
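Review bot: `tab` is still concatenated into the cookie string unencoded, and with an attribute list now following the value, a `;` or space in the element id would be parsed as attributes rather than as part of the value. The ids are presumably server-generated, so this is hardening rather than a live bug: `document.cookie = 'history_last_tab=' + encodeURIComponent(tab) + '; SameSite=Lax'`. Whatever reads the cookie is outside this diff, so confirm it decodes the value before relying on the change. The enclosing `$(document).ready` handler starts outside the hunk.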