🐛 Fix unexpected default cookies behavior on redirectiong to penpot.

The SameSite=Strict on chrome behaves differently than in Firefox and makes the top-level url redirect not sending cookies if the user is redirected from other page to penpot. The SameSite=Lax fixes the issue.
2025-05-16 12:46:10 +02:00 · 2022-01-11 11:54:11 +01:00 · 2022-01-11 11:54:11 +01:00 · 2feb22d3bd
commit 2feb22d3bd
parent f74569506e
2 changed files with 2 additions and 3 deletions
--- a/backend/src/app/http/session.clj
+++ b/backend/src/app/http/session.clj
@ -58,9 +58,7 @@
    (assoc response :cookies {cookie-name {:path "/"
                                           :http-only true
                                           :value id
-                                           :same-site (cond (not secure?) :lax
-                                                            cors?         :none
-                                                            :else         :strict)
+                                           :same-site (if cors? :none :lax)
                                           :secure secure?}})))

 (defn- clear-cookies