diff --git a/src/app.rs b/src/app.rs
index 80457c3..0f51d85 100644
--- a/src/app.rs
+++ b/src/app.rs
@@ -38,6 +38,7 @@ pub fn make_app(
 oidc_config: Option,
 nextcloud_login_config: NextcloudLoginConfig,
 dav_push_enabled: bool,
+ session_cookie_samesite_strict: bool,
 ) -> Router<()> {
 let combined_cal_store = Arc::new(CombinedCalendarStore::new(
 cal_store.clone(),
@@ -128,7 +129,11 @@ pub fn make_app(
 SessionManagerLayer::new(session_store)
 .with_name("rustical_session")
 .with_secure(true)
- .with_same_site(SameSite::Strict)
+ .with_same_site(if session_cookie_samesite_strict {
+ SameSite::Strict
+ } else {
+ SameSite::Lax
+ })
 .with_expiry(Expiry::OnInactivity(
 tower_sessions::cookie::time::Duration::hours(2),
 )),
diff --git a/src/config.rs b/src/config.rs
index 0c515c6..4eb8829 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -7,6 +7,7 @@ use serde::{Deserialize, Serialize};
 pub struct HttpConfig {
 pub host: String,
 pub port: u16,
+ pub session_cookie_samesite_strict: bool,
 }

 impl Default for HttpConfig {
@@ -14,6 +15,7 @@ impl Default for HttpConfig {
 Self {
 host: "0.0.0.0".to_owned(),
 port: 4000,
+ session_cookie_samesite_strict: false,
 }
 }
 }
diff --git a/src/main.rs b/src/main.rs
index 2dd1d2e..b4ceadf 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -116,6 +116,7 @@ async fn main() -> Result<()> {
 config.oidc.clone(),
 config.nextcloud_login.clone(),
 config.dav_push.enabled,
+ config.http.session_cookie_samesite_strict,
 );
 let app = ServiceExt::::into_make_service(
 NormalizePathLayer::trim_trailing_slash().layer(app),
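Review bot: In the first src/app.rs hunk, the new `session_cookie_samesite_strict: bool` sits directly after `dav_push_enabled: bool` in the `make_app` signature, so the two positional arguments can be swapped at the call site (the src/main.rs hunk) and still compile. Because this value selects a cookie security policy, consider taking the resolved policy instead, e.g. `session_cookie_same_site: SameSite,`, and doing the bool-to-enum mapping where the config is read. The parameter list starts above the hunk, so earlier parameters are not visible here.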
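Review bot: The `else` branch in the second src/app.rs hunk selects `SameSite::Lax` with no comment on what that relaxes. Under Lax the browser attaches `rustical_session` to cross-site top-level GET navigations, so any authenticated GET route that changes state is no longer covered by the cookie policy. I would add a comment on the branch such as `// Lax: cookie is sent on cross-site top-level GET navigations; authenticated GET handlers must not change state`, and check the router for GET handlers with side effects. The body of `make_app` continues outside the hunk, so the route list is not visible here.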
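Review bot: The new `session_cookie_samesite_strict` field in `HttpConfig` (first src/config.rs hunk) has no doc comment, and the name does not tell an operator that `false` means `SameSite=Lax` rather than no SameSite attribute. Something like `/// Send the session cookie with SameSite=Strict; when false it is sent with SameSite=Lax.` would cover it. The struct's attributes are above the hunk, so it is worth confirming that a `#[serde(default)]` applies to it. Without one, existing config files that lack the key would presumably fail to deserialize.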
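Review bot: The default of `false` in `Default for HttpConfig` (second src/config.rs hunk) moves every deployment that does not set the key from the previously hard-coded `SameSite::Strict` to `SameSite::Lax` on upgrade. To keep the stricter policy as the default and make Lax an explicit opt-out, use `session_cookie_samesite_strict: true,`. If Lax is the intended default, say so in the field's doc comment and in the release notes so operators know the policy changed. The `fn default` signature lies outside the hunk.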