From 8b0f9fae9f34ef25458e79a477758a45873b7cd4 Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Tue, 5 Nov 2019 18:11:38 +0100
Subject: Cookie same-site (#2630)

* Set-Cookie SameSite

* https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00
* https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-02#section-5.3.7
* https://blog.mozilla.org/security/2018/04/24/same-site-cookies-in-firefox-60/
* https://blog.chromium.org/2019/10/developers-get-ready-for-new.html

Set to Lax instead of Strict to allow linking to allow linking to FreshRSS sub-pages without having to log-in again
---
 Docker/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'Docker/README.md')

diff --git a/Docker/README.md b/Docker/README.md
index 15510a220..d06016fb9 100644
--- a/Docker/README.md
+++ b/Docker/README.md
@@ -320,7 +320,7 @@ server {
 	# Other SSL stuff goes here
 
 	# Needed for Freshrss cookie/session :
-	proxy_cookie_path / "/; HTTPOnly; Secure";
+	proxy_cookie_path / "/; HTTPOnly; Secure; SameSite=Lax";
 
 	location / {
 		try_files $uri $uri/ =404;
-- 
cgit v1.2.3