Set "SameSite=None" if CSRF Protection is disabled

PR #18843.
2025-01-09 06:17:58 +00:00 · 2023-04-16 19:27:49 +08:00 · 2023-04-16 19:27:49 +08:00 · 1e400df324
commit 1e400df324
parent eaee38a19e
1 changed files with 2 additions and 0 deletions
--- a/src/webui/webapplication.cpp
+++ b/src/webui/webapplication.cpp
@ -683,6 +683,8 @@ void WebApplication::sessionStart()
    QByteArray cookieRawForm = cookie.toRawForm();
    if (m_isCSRFProtectionEnabled)
        cookieRawForm.append("; SameSite=Strict");
+    else if (cookie.isSecure())
+        cookieRawForm.append("; SameSite=None");
    setHeader({Http::HEADER_SET_COOKIE, QString::fromLatin1(cookieRawForm)});
 }