nikdoof/rustical
1
1
Fork 0
mirror of https://github.com/lennart-k/rustical.git synced 2025-12-14 07:02:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

make session cookie samesite=lax by default

Browse Source
This commit is contained in:
Lennart
2025-08-25 19:09:24 +02:00
parent f3a1f27caf
commit 2cf481d4e6
3 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/app.rs
View File

@@ -38,6 +38,7 @@ pub fn make_app<AS: AddressbookStore, CS: CalendarStore, S: SubscriptionStore>(
oidc_config: Option<OidcConfig>,
nextcloud_login_config: NextcloudLoginConfig,
dav_push_enabled: bool,
session_cookie_samesite_strict: bool,
) -> Router<()> {
let combined_cal_store = Arc::new(CombinedCalendarStore::new(
cal_store.clone(),
@@ -128,7 +129,11 @@ pub fn make_app<AS: AddressbookStore, CS: CalendarStore, S: SubscriptionStore>(
SessionManagerLayer::new(session_store)
.with_name("rustical_session")
.with_secure(true)
.with_same_site(SameSite::Strict)
.with_same_site(if session_cookie_samesite_strict {
SameSite::Strict
} else {
SameSite::Lax
})
.with_expiry(Expiry::OnInactivity(
tower_sessions::cookie::time::Duration::hours(2),
)),