Cookie same-site (#2630)

* Set-Cookie SameSite * https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00 * https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-02#section-5.3.7 * https://blog.mozilla.org/security/2018/04/24/same-site-cookies-in-firefox-60/ * https://blog.chromium.org/2019/10/developers-get-ready-for-new.html Set to Lax instead of Strict to allow linking to allow linking to FreshRSS sub-pages without having to log-in again
author: Alexandre Alapetite <alexandre@alapetite.fr> 2019-11-05 18:11:38 +0100
committer: GitHub <noreply@github.com> 2019-11-05 18:11:38 +0100
commit: 8b0f9fae9f34ef25458e79a477758a45873b7cd4 (patch)
tree: e86e90a6189c7271080c40ddcff5290d615e891e /p
parent: bba0b0565559fbecf5df170b472cadc58627027a (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/p/.htaccess b/p/.htaccess
index 74ba7ed11..909fb6cdc 100644
--- a/p/.htaccess
+++ b/p/.htaccess
@@ -37,4 +37,5 @@ AddDefaultCharset	UTF-8
 	<FilesMatch "\.(css|gif|html|ico|js|png|svg|woff|woff2)$">
 		Header	merge Cache-Control "public"
 	</FilesMatch>
+	Header edit Set-Cookie ^(.*)$ "$1; SameSite=Lax"
 </IfModule>
author	Alexandre Alapetite <alexandre@alapetite.fr>	2019-11-05 18:11:38 +0100
committer	GitHub <noreply@github.com>	2019-11-05 18:11:38 +0100
commit	8b0f9fae9f34ef25458e79a477758a45873b7cd4 (patch)
tree	e86e90a6189c7271080c40ddcff5290d615e891e /p
parent	bba0b0565559fbecf5df170b472cadc58627027a (diff)