Backport #16037 The i_like_gitea cookie appears to be missing the SameSite settings. I think they were present at some point but may have been removed in a merge. This PR ensures that they are set. Fix #15972 Signed-off-by: Andrew Thornton <art27@cantab.net>tags/v1.14.3
@@ -557,6 +557,7 @@ func Routes() *web.Route { | |||
Gclifetime: setting.SessionConfig.Gclifetime, | |||
Maxlifetime: setting.SessionConfig.Maxlifetime, | |||
Secure: setting.SessionConfig.Secure, | |||
SameSite: setting.SessionConfig.SameSite, | |||
Domain: setting.SessionConfig.Domain, | |||
})) | |||
m.Use(securityHeaders()) |
@@ -89,6 +89,7 @@ func InstallRoutes() *web.Route { | |||
Gclifetime: setting.SessionConfig.Gclifetime, | |||
Maxlifetime: setting.SessionConfig.Maxlifetime, | |||
Secure: setting.SessionConfig.Secure, | |||
SameSite: setting.SessionConfig.SameSite, | |||
Domain: setting.SessionConfig.Domain, | |||
})) | |||
@@ -135,6 +135,7 @@ func WebRoutes() *web.Route { | |||
Gclifetime: setting.SessionConfig.Gclifetime, | |||
Maxlifetime: setting.SessionConfig.Maxlifetime, | |||
Secure: setting.SessionConfig.Secure, | |||
SameSite: setting.SessionConfig.SameSite, | |||
Domain: setting.SessionConfig.Domain, | |||
})) | |||