From 22b925c8aed7b6e89dd1bf77b6a80da5595bf406 Mon Sep 17 00:00:00 2001 From: zeripath Date: Sun, 7 Mar 2021 08:12:43 +0000 Subject: [PATCH] Add SameSite setting for cookies (#14900) Add SameSite setting for cookies and rationalise the cookie setting code. Switches SameSite to Lax by default. There is a possible future extension of differentiating which cookies could be set at Strict by default but that is for a future PR. Fix #5583 Signed-off-by: Andrew Thornton --- doc/advanced/config-cheat-sheet.en-us.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/advanced/config-cheat-sheet.en-us.md b/doc/advanced/config-cheat-sheet.en-us.md index 9a9eb1d4..70870d3e 100644 --- a/doc/advanced/config-cheat-sheet.en-us.md +++ b/doc/advanced/config-cheat-sheet.en-us.md @@ -557,6 +557,8 @@ Define allowed algorithms and their minimum key length (use -1 to disable a type - `COOKIE_NAME`: **i\_like\_gitea**: The name of the cookie used for the session ID. - `GC_INTERVAL_TIME`: **86400**: GC interval in seconds. - `SESSION_LIFE_TIME`: **86400**: Session life time in seconds, default is 86400 (1 day) +- `DOMAIN`: **\**: Sets the cookie Domain +- `SAME_SITE`: **lax** \[strict, lax, none\]: Set the SameSite setting for the cookie. ## Picture (`picture`)
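Review bot: The new `SAME_SITE` line lists `none` as an accepted value without saying that browsers only accept `SameSite=None` on cookies that also carry the `Secure` attribute, or that it gives up the cross-site request protection `lax` provides. The entry should state both, so that an operator who picks `none` on a plain-HTTP deployment is not surprised when the session cookie is dropped. On the `DOMAIN` line, the default is shown here as `**\**`, which does not tell the reader what the unset value is. Spell the default out, and add that leaving it unset keeps the cookie host-only, while setting a domain also makes the session cookie available to that domain's subdomains. Since the commit message says the default switches to Lax, a short sentence next to `SAME_SITE` on what changes for existing deployments would also help.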