Set "SameSite=None" if CSRF Protection is disabled

PR #18843.
2 years ago · 1e400df324
1 changed files with 2 additions and 0 deletions
--- a/src/webui/webapplication.cpp
+++ b/src/webui/webapplication.cpp
@ -683,6 +683,8 @@ void WebApplication::sessionStart()
				@@ -683,6 +683,8 @@ void WebApplication::sessionStart()
    QByteArray cookieRawForm = cookie.toRawForm();
    if (m_isCSRFProtectionEnabled)
        cookieRawForm.append("; SameSite=Strict");
+    else if (cookie.isSecure())
+        cookieRawForm.append("; SameSite=None");
    setHeader({Http::HEADER_SET_COOKIE, QString::fromLatin1(cookieRawForm)});
 }