samesite::none

This commit is contained in:
ntr 2020-01-15 08:27:43 +10:00
parent c43f3f8e0e
commit deb327e791


@ -25,7 +25,7 @@ use payments::{stripe};
pub const TOKEN_HEADER: &str = "x-auth-token";
pub const AUTH_CLEAR: &str =
"x-auth-token=; HttpOnly; SameSite=Strict; Path=/; Max-Age=-1;";
"x-auth-token=; HttpOnly; SameSite=None; Path=/; Max-Age=-1;";
#[derive(Clone, Copy, Fail, Debug, Serialize, Deserialize)]
pub enum MnmlHttpError {
@ -191,7 +191,7 @@ impl AfterMiddleware for ErrorHandler {
fn token_res(token: String) -> Response {
let v = Cookie::build(TOKEN_HEADER, token)
.http_only(true)
.same_site(SameSite::Strict)
.same_site(SameSite::None)
.path("/")
.max_age(Duration::weeks(1)) // 1 week aligns with db set
.finish();
@ -354,7 +354,7 @@ fn recover(req: &mut Request) -> IronResult<Response> {
let v = Cookie::build(TOKEN_HEADER, token)
.http_only(true)
// .same_site(SameSite::Strict)
.same_site(SameSite::None)
.path("/")
.max_age(Duration::weeks(1)) // 1 week aligns with db set
.finish();
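Review bot: Neither cookie builder sets the Secure attribute after the switch to `SameSite::None`, in `token_res` and again in `recover`. Browsers that enforce the current SameSite rules reject a `SameSite=None` cookie that lacks `Secure`, so the auth token would not be stored there. Add `.secure(true)` next to `.http_only(true)` in both builders and write `Secure;` into `AUTH_CLEAR` so the clearing cookie carries the same attributes. With `None` the token is also attached to cross-site requests, so the CSRF protection that `Strict` provided is gone and state-changing handlers need their own check (an Origin check or a CSRF token); no such check is visible in these hunks. Both functions start or end outside the visible hunks, so a short comment above each `.same_site(SameSite::None)` saying why cross-site delivery is required would help the next reader.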