From 099b160d1183aea02612906530a4fae93c72d557 Mon Sep 17 00:00:00 2001
From: Go MAEDA <maeda@farend.jp>
Date: Thu, 27 May 2021 08:31:15 +0000
Subject: Add SameSite=Lax to cookies to fix warnings in web browsers (#35226).

Patch by Go MAEDA.


git-svn-id: http://svn.redmine.org/redmine/trunk@21009 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/controllers/account_controller.rb | 1 +
 1 file changed, 1 insertion(+)

(limited to 'app/controllers')

diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb
index c6d13d417..e1b3d4f2b 100644
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -404,6 +404,7 @@ class AccountController < ApplicationController
       :value => token,
       :expires => 1.year.from_now,
       :path => (Redmine::Configuration['autologin_cookie_path'] || RedmineApp::Application.config.relative_url_root || '/'),
+      :same_site => :lax,
       :secure => secure,
       :httponly => true
     }
-- 
cgit v1.2.3