version 0.9.1

Cargo.lock

@@ -3040,7 +3040,7 @@ dependencies = [
 
 [[package]]
 name = "rustical"
-version = "0.9.0"
+version = "0.9.1"
 dependencies = [
  "anyhow",
  "argon2",
@@ -3083,7 +3083,7 @@ dependencies = [
 
 [[package]]
 name = "rustical_caldav"
-version = "0.9.0"
+version = "0.9.1"
 dependencies = [
  "async-std",
  "async-trait",
@@ -3123,7 +3123,7 @@ dependencies = [
 
 [[package]]
 name = "rustical_carddav"
-version = "0.9.0"
+version = "0.9.1"
 dependencies = [
  "async-trait",
  "axum",
@@ -3155,7 +3155,7 @@ dependencies = [
 
 [[package]]
 name = "rustical_dav"
-version = "0.9.0"
+version = "0.9.1"
 dependencies = [
  "async-trait",
  "axum",
@@ -3180,7 +3180,7 @@ dependencies = [
 
 [[package]]
 name = "rustical_dav_push"
-version = "0.9.0"
+version = "0.9.1"
 dependencies = [
  "async-trait",
  "axum",
@@ -3205,7 +3205,7 @@ dependencies = [
 
 [[package]]
 name = "rustical_frontend"
-version = "0.9.0"
+version = "0.9.1"
 dependencies = [
  "askama",
  "askama_web",
@@ -3238,7 +3238,7 @@ dependencies = [
 
 [[package]]
 name = "rustical_ical"
-version = "0.9.0"
+version = "0.9.1"
 dependencies = [
  "axum",
  "chrono",
@@ -3256,7 +3256,7 @@ dependencies = [
 
 [[package]]
 name = "rustical_oidc"
-version = "0.9.0"
+version = "0.9.1"
 dependencies = [
  "async-trait",
  "axum",
@@ -3271,7 +3271,7 @@ dependencies = [
 
 [[package]]
 name = "rustical_store"
-version = "0.9.0"
+version = "0.9.1"
 dependencies = [
  "anyhow",
  "async-trait",
@@ -3305,7 +3305,7 @@ dependencies = [
 
 [[package]]
 name = "rustical_store_sqlite"
-version = "0.9.0"
+version = "0.9.1"
 dependencies = [
  "async-trait",
  "chrono",
@@ -3326,7 +3326,7 @@ dependencies = [
 
 [[package]]
 name = "rustical_xml"
-version = "0.9.0"
+version = "0.9.1"
 dependencies = [
  "quick-xml",
  "thiserror 2.0.16",

Cargo.toml

@@ -2,7 +2,7 @@
 members = ["crates/*"]
 
 [workspace.package]
-version = "0.9.0"
+version = "0.9.1"
 edition = "2024"
 description = "A CalDAV server"
 repository = "https://github.com/lennart-k/rustical"

src/app.rs

@@ -38,6 +38,7 @@ pub fn make_app<AS: AddressbookStore, CS: CalendarStore, S: SubscriptionStore>(
     oidc_config: Option<OidcConfig>,
     nextcloud_login_config: NextcloudLoginConfig,
     dav_push_enabled: bool,
+    session_cookie_samesite_strict: bool,
 ) -> Router<()> {
     let combined_cal_store = Arc::new(CombinedCalendarStore::new(
         cal_store.clone(),
@@ -128,7 +129,11 @@ pub fn make_app<AS: AddressbookStore, CS: CalendarStore, S: SubscriptionStore>(
             SessionManagerLayer::new(session_store)
                 .with_name("rustical_session")
                 .with_secure(true)
-                .with_same_site(SameSite::Strict)
+                .with_same_site(if session_cookie_samesite_strict {
+                    SameSite::Strict
+                } else {
+                    SameSite::Lax
+                })
                 .with_expiry(Expiry::OnInactivity(
                     tower_sessions::cookie::time::Duration::hours(2),
                 )),

src/config.rs

@@ -7,6 +7,7 @@ use serde::{Deserialize, Serialize};
 pub struct HttpConfig {
     pub host: String,
     pub port: u16,
+    pub session_cookie_samesite_strict: bool,
 }
 
 impl Default for HttpConfig {
@@ -14,6 +15,7 @@ impl Default for HttpConfig {
         Self {
             host: "0.0.0.0".to_owned(),
             port: 4000,
+            session_cookie_samesite_strict: false,
         }
     }
 }

src/main.rs

@@ -116,6 +116,7 @@ async fn main() -> Result<()> {
                 config.oidc.clone(),
                 config.nextcloud_login.clone(),
                 config.dav_push.enabled,
+                config.http.session_cookie_samesite_strict,
             );
             let app = ServiceExt::<Request>::into_make_service(
                 NormalizePathLayer::trim_trailing_slash().layer(app),