From 8b0f9fae9f34ef25458e79a477758a45873b7cd4 Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Tue, 5 Nov 2019 18:11:38 +0100
Subject: Cookie same-site (#2630)

* Set-Cookie SameSite

* https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00
* https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-02#section-5.3.7
* https://blog.mozilla.org/security/2018/04/24/same-site-cookies-in-firefox-60/
* https://blog.chromium.org/2019/10/developers-get-ready-for-new.html

Set to Lax instead of Strict to allow linking to allow linking to FreshRSS sub-pages without having to log-in again
---
 p/.htaccess | 1 +
 1 file changed, 1 insertion(+)

(limited to 'p')

diff --git a/p/.htaccess b/p/.htaccess
index 74ba7ed11..909fb6cdc 100644
--- a/p/.htaccess
+++ b/p/.htaccess
@@ -37,4 +37,5 @@ AddDefaultCharset	UTF-8
 	<FilesMatch "\.(css|gif|html|ico|js|png|svg|woff|woff2)$">
 		Header	merge Cache-Control "public"
 	</FilesMatch>
+	Header edit Set-Cookie ^(.*)$ "$1; SameSite=Lax"
 </IfModule>
-- 
cgit v1.2.3