-rw-r--r--app/controllers/account_controller.rb1
-rw-r--r--config/application.rb3
-rw-r--r--public/javascripts/application.js2
3 files changed, 4 insertions, 2 deletions
diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb
index c6d13d417..e1b3d4f2b 100644
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -404,6 +404,7 @@ class AccountController < ApplicationController
:value => token,
:expires => 1.year.from_now,
:path => (Redmine::Configuration['autologin_cookie_path'] || RedmineApp::Application.config.relative_url_root || '/'),
+ :same_site => :lax,
:secure => secure,
:httponly => true
}
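Review bot: The autologin cookie is a one-year credential (`:expires => 1.year.from_now`), and `:same_site => :lax` still lets it accompany cross-site top-level GET navigations, so the added line narrows cross-site use of the cookie rather than removing it. A short comment above the added line would record that this is deliberate, e.g. `# Lax rather than Strict: the cookie must still be sent when a user follows an external link into Redmine`. It is worth confirming that no state-changing action is reachable by GET, since Lax does not cover that case. The hash and the method that builds it start and end outside the hunk, so where `secure` is computed is not visible here.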
diff --git a/config/application.rb b/config/application.rb
index 72546d180..1905b451c 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -80,7 +80,8 @@ module RedmineApp
config.session_store(
:cookie_store,
:key => '_redmine_session',
- :path => config.relative_url_root || '/'
+ :path => config.relative_url_root || '/',
+ :same_site => :lax
)
if File.exists?(File.join(File.dirname(__FILE__), 'additional_environment.rb'))
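Review bot: The session cookie now gets `:same_site => :lax`, but the visible `config.session_store` options still carry no `:secure`, whereas the autologin cookie in account_controller.rb passes `:secure => secure`. The flag may be applied elsewhere (for example through the `additional_environment.rb` loaded on the next context line), so this is a point to confirm rather than a certain gap. The value is also hard-coded, so a comment such as `# SameSite=Lax by default; override session_store in additional_environment.rb if Redmine must be used in a cross-site context` would tell deployers where to change it. The surrounding `module RedmineApp` body continues outside the hunk.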
diff --git a/public/javascripts/application.js b/public/javascripts/application.js
index 1bc228236..7feb3a293 100644
--- a/public/javascripts/application.js
+++ b/public/javascripts/application.js
@@ -1033,7 +1033,7 @@ $(document).ready(function(){
$('#history .tabs').on('click', 'a', function(e){
var tab = $(e.target).attr('id').replace('tab-','');
- document.cookie = 'history_last_tab=' + tab
+ document.cookie = 'history_last_tab=' + tab + '; SameSite=Lax'
});
});
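Review bot: `tab` is concatenated into the cookie string unencoded on the changed line, so a `;` in the element id would be parsed as the start of another cookie attribute. The ids are presumably server-generated tab names, which keeps the risk low, but encoding is cheap: `document.cookie = 'history_last_tab=' + encodeURIComponent(tab) + '; SameSite=Lax'`. The cookie also sets no `path`, so it is scoped to the default path derived from the current page URL. If a single preference across pages is intended, a `path` attribute taken from the application's relative URL root could be appended. The enclosing `$(document).ready` handler starts outside the hunk.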