Mark cookies as sameSite=Strict

2023-04-12 14:25:13 +00:00 · 2021-05-19 18:08:26 +02:00 · 2021-05-19 18:08:26 +02:00 · 312d9b7a6f
commit 312d9b7a6f
parent 4d9f554fe6
2 changed files with 3 additions and 2 deletions
--- a/app/src/cookies.rs
+++ b/app/src/cookies.rs
@ -23,7 +23,7 @@ pub fn set_cookie(cookie_name: &str, value: &str, expiration: &DateTime<Utc>) ->
            d.dyn_into::<web_sys::HtmlDocument>()
                .map_err(|_| anyhow!("Document is not an HTMLDocument"))
        })?;
-    doc.set_cookie(&format!("{}={};expires={}", cookie_name, value, expiration))
+    doc.set_cookie(&format!("{}={};expires={};sameSite=Strict", cookie_name, value, expiration))
        .map_err(|_| anyhow!("Could not set cookie"))
 }

--- a/src/infra/tcp_server.rs
+++ b/src/infra/tcp_server.rs
@ -5,7 +5,7 @@ use actix_http::HttpServiceBuilder;
 use actix_server::ServerBuilder;
 use actix_service::{map_config, Service};
 use actix_web::{
-    cookie::Cookie,
+    cookie::{Cookie, SameSite},
    dev::{AppConfig, ServiceRequest},
    error::{ErrorBadRequest, ErrorUnauthorized},
    web, App, HttpRequest, HttpResponse,
@ -97,6 +97,7 @@ where
                            .max_age(1.days())
                            .path("/api")
                            .http_only(true)
+                            .same_site(SameSite::Strict)
                            .finish(),
                    )
                    .body(token.as_str().to_owned()),