Diffstat (limited to 'include/login_routes.hpp')
-rw-r--r--include/login_routes.hpp12
1 files changed, 7 insertions, 5 deletions
diff --git a/include/login_routes.hpp b/include/login_routes.hpp
index d4005599bb..4d42b565be 100644
--- a/include/login_routes.hpp
+++ b/include/login_routes.hpp
@@ -167,11 +167,13 @@ inline void requestRoutes(App& app)
// "set-cookie" string into the value header, and get
// the result we want, even though we are technicaly
// declaring two headers here.
- res.addHeader("Set-Cookie",
- "XSRF-TOKEN=" + session->csrfToken +
- "; Secure\r\nSet-Cookie: SESSION=" +
- session->sessionToken +
- "; Secure; HttpOnly");
+ res.addHeader(
+ "Set-Cookie",
+ "XSRF-TOKEN=" + session->csrfToken +
+ "; SameSite=Strict; Secure\r\nSet-Cookie: "
+ "SESSION=" +
+ session->sessionToken +
+ "; SameSite=Strict; Secure; HttpOnly");
}
else
{
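Review bot: The new `"; SameSite=Strict; Secure\r\nSet-Cookie: "` literal keeps the embedded-CRLF trick, so the two cookies are only emitted correctly while `addHeader` passes CR/LF through unfiltered and neither `session->csrfToken` nor `session->sessionToken` can contain `;`, CR or LF. A response-splitting guard in `addHeader` would break exactly that pass-through, so the dependency should be stated at this call site, for example `// tokens are server-generated, free of ';' CR LF; addHeader must not strip CRLF here`. The token generator is not visible in this hunk, so confirm the claim before adding the comment. SameSite=Strict only helps in browsers that honour it, so the XSRF-TOKEN comparison should remain the primary CSRF control rather than being relaxed later on the strength of this attribute. The enclosing branch of `requestRoutes` starts and ends outside the hunk.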