From ae2db423ee812472119fa2810cb83d5996fc408e Mon Sep 17 00:00:00 2001
From: Julian Lam <julian@nodebb.org>
Date: Sun, 17 May 2020 14:56:42 -0400
Subject: [PATCH] feat: cookie SameSite property

More information:
https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00#section-4.1.1
https://web.dev/samesite-cookies-explained/
---
 src/meta/configs.js | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/meta/configs.js b/src/meta/configs.js
index c28d3e2ff8..da07f68fbd 100644
--- a/src/meta/configs.js
+++ b/src/meta/configs.js
@@ -164,6 +164,9 @@ Configs.cookie = {
 			cookie.path = relativePath;
 		}
 
+		// Ideally configurable from ACP, but cannot be "Strict" as then top-level access will treat it as guest.
+		cookie.sameSite = 'Lax';
+
 		return cookie;
 	},
 };