From deb327e79122be58aaf3e15a31125b469017b897 Mon Sep 17 00:00:00 2001
From: ntr
Date: Wed, 15 Jan 2020 08:27:43 +1000
Subject: [PATCH] samesite::none
---
 server/src/http.rs | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/server/src/http.rs b/server/src/http.rs
index cc61496f..bb0d443d 100644
--- a/server/src/http.rs
+++ b/server/src/http.rs
@@ -25,7 +25,7 @@ use payments::{stripe};
 pub const TOKEN_HEADER: &str = "x-auth-token";
 pub const AUTH_CLEAR: &str =
- "x-auth-token=; HttpOnly; SameSite=Strict; Path=/; Max-Age=-1;";
+ "x-auth-token=; HttpOnly; SameSite=None; Path=/; Max-Age=-1;";
 #[derive(Clone, Copy, Fail, Debug, Serialize, Deserialize)]
 pub enum MnmlHttpError {
@@ -191,7 +191,7 @@ impl AfterMiddleware for ErrorHandler {
 fn token_res(token: String) -> Response {
 let v = Cookie::build(TOKEN_HEADER, token)
 .http_only(true)
- .same_site(SameSite::Strict)
+ .same_site(SameSite::None)
 .path("/")
 .max_age(Duration::weeks(1)) // 1 week aligns with db set
 .finish();
@@ -354,7 +354,7 @@ fn recover(req: &mut Request) -> IronResult {
 let v = Cookie::build(TOKEN_HEADER, token)
 .http_only(true)
- // .same_site(SameSite::Strict)
+ .same_site(SameSite::None)
 .path("/")
 .max_age(Duration::weeks(1)) // 1 week aligns with db set
 .finish();
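Review bot: The new `AUTH_CLEAR` value sets `SameSite=None` without `Secure`, and browsers that enforce the newer SameSite rules reject a `SameSite=None` cookie that lacks `Secure`; for this header that would mean the clearing `Set-Cookie` is dropped and the old token stays in the browser after logout. The two builder chains in `token_res` and `recover` have the same gap: neither calls `.secure(true)` between `Cookie::build` and `.finish()`. I would change the constant to `"x-auth-token=; HttpOnly; Secure; SameSite=None; Path=/; Max-Age=-1;"` and add `.secure(true)` to both builders, assuming the server is only reached over HTTPS.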
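Review bot: With `.same_site(SameSite::None)` in `token_res` the auth token is attached to requests initiated from any other site, so the CSRF protection that `Strict` gave implicitly is gone, and nothing in this hunk shows what replaces it (an Origin check or CSRF token may exist elsewhere; it is not visible here). The same applies to the cookie built in `recover`. If cross-site use is intentional, record the requirement next to the call, e.g. `// SameSite=None: sent on cross-site requests; state-changing routes must verify Origin or a CSRF token`. If only top-level navigation needs the cookie, `SameSite::Lax` would be the narrower setting. `token_res` continues past the end of the hunk.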
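Review bot: The builder chain in `recover` is now a line-for-line copy of the one in `token_res`, and the removed line shows the two had already drifted (`same_site` was commented out here while `token_res` set it). Building the session cookie in one private helper that both functions call, e.g. `let v = token_cookie(token);` (the helper name is only a suggestion), would keep `HttpOnly`, `SameSite`, `Path` and `Max-Age` from diverging again. `recover` starts before and continues after the hunk, so whether it could reuse `token_res` directly is not visible from here.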