From 824f910bfe39b8d789ca3edcfca44b66f603a81c Mon Sep 17 00:00:00 2001
From: Erik Michelson
Date: Thu, 27 Aug 2020 02:04:49 +0200
Subject: Add config option for cookie SameSite policy

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
---
 app.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app.js')

diff --git a/app.js b/app.js
index d102e816..236c77b9 100644
--- a/app.js
+++ b/app.js
@@ -147,7 +147,7 @@ app.use(session({
   rolling: true, // reset maxAge on every response
   cookie: {
     maxAge: config.sessionLife,
-    sameSite: 'lax',
+    sameSite: config.cookiePolicy, // be careful: setting a SameSite value of none without https breaks the editor
     secure: config.useSSL || config.protocolUseSSL || false
   },
   store: sessionStore
-- 
cgit v1.2.3