From 387e6682757d32b9d9e9b7e3d443143a39ce2184 Mon Sep 17 00:00:00 2001
From: Erik Michelson
Date: Thu, 27 Aug 2020 09:05:17 +0200
Subject: Changed default policy from 'strict' to 'lax' due to the reasons
 mentioned in 3d1fab05

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
---
 lib/config/default.js | 2 +-
 lib/config/index.js   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

(limited to 'lib/config')

diff --git a/lib/config/default.js b/lib/config/default.js
index 3d1a1367..38bb164b 100644
--- a/lib/config/default.js
+++ b/lib/config/default.js
@@ -27,7 +27,7 @@ module.exports = {
     upgradeInsecureRequests: 'auto',
     reportURI: undefined
   },
-  cookiePolicy: 'strict',
+  cookiePolicy: 'lax',
   protocolUseSSL: false,
   useCDN: false,
   allowAnonymous: true,
diff --git a/lib/config/index.js b/lib/config/index.js
index 020dee13..203b9ef9 100644
--- a/lib/config/index.js
+++ b/lib/config/index.js
@@ -53,7 +53,7 @@ if (['debug', 'verbose', 'info', 'warn', 'error'].includes(config.loglevel)) {
 
 if (!['strict', 'lax', 'none'].includes(config.cookiePolicy)) {
   logger.error('Cookie SameSite policy %s does not exist. Falling back to strict. Available values are: strict, lax, none.', config.cookiePolicy)
-  config.cookiePolicy = 'strict'
+  config.cookiePolicy = 'lax'
 }
 
 // load LDAP CA
-- 
cgit v1.2.3