Diffstat (limited to 'include/authorization.hpp')
-rw-r--r--include/authorization.hpp12
1 files changed, 7 insertions, 5 deletions
diff --git a/include/authorization.hpp b/include/authorization.hpp
index 9e344d8f07..c078ede23a 100644
--- a/include/authorization.hpp
+++ b/include/authorization.hpp
@@ -193,11 +193,13 @@ static std::shared_ptr<persistent_data::UserSession>
cookieValue.find("SESSION=") == std::string::npos)
{
// TODO: change this to not switch to cookie auth
- res.addHeader("Set-Cookie", "XSRF-TOKEN=" + sp->csrfToken +
- "; Secure\r\nSet-Cookie: SESSION=" +
- sp->sessionToken +
- "; Secure; HttpOnly\r\nSet-Cookie: "
- "IsAuthenticated=true; Secure");
+ res.addHeader(
+ "Set-Cookie",
+ "XSRF-TOKEN=" + sp->csrfToken +
+ "; SameSite=Strict; Secure\r\nSet-Cookie: SESSION=" +
+ sp->sessionToken +
+ "; SameSite=Strict; Secure; HttpOnly\r\nSet-Cookie: "
+ "IsAuthenticated=true; Secure");
BMCWEB_LOG_DEBUG << " TLS session: " << sp->uniqueId
<< " with cookie will be used for this request.";
return sp;
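Review bot: The third cookie in the new header value, `IsAuthenticated=true; Secure`, is the only one that does not get the `SameSite=Strict` attribute the change adds to XSRF-TOKEN and SESSION, so the three cookies issued together now carry inconsistent policies; unless the omission is intended, the last fragment should read `"IsAuthenticated=true; SameSite=Strict; Secure"`. If it is intended (for instance because a client reads that flag after a cross-site navigation), a one-line comment saying so would stop the next reader from "fixing" it. Separately, the value still folds three Set-Cookie headers into one addHeader call via embedded `\r\n`, which only stays safe as long as `sp->csrfToken` and `sp->sessionToken` can never contain CR/LF; that predates this change, but a comment such as `// three Set-Cookie headers folded into one value via CRLF; relies on the tokens containing no CR/LF` would document the assumption. The enclosing function starts before this hunk.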