mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-09-21 01:27:10 +03:00
Updated admin cookie samesite attribute to 'none'
refs https://github.com/TryGhost/Team/issues/1664

We want the frontend to be able to detect and make use of sessions with the admin. Because the frontend and the admin run on different domains, we need to make the cookie attributes more permissive for cross-domain usage.
parent
fc381b7626
commit
c756966ce9
@ -23,7 +23,7 @@ function getExpressSessionMiddleware() {
|
||||
maxAge: constants.SIX_MONTH_MS,
|
||||
httpOnly: true,
|
||||
path: urlUtils.getSubdir() + '/ghost',
|
||||
sameSite: 'lax',
|
||||
sameSite: 'none',
|
||||
secure: urlUtils.isSSL(config.get('url'))
|
||||
}
|
||||
});
|
||||
|
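Review bot: `sameSite: 'none'` is now unconditional, while `secure` on the following line still depends on `urlUtils.isSSL(config.get('url'))`, so a site configured with an http URL would emit SameSite=None without Secure, which current browsers reject, and the admin session cookie would not be stored. Tying the two together avoids that: `sameSite: urlUtils.isSSL(config.get('url')) ? 'none' : 'lax',`. Separately, with 'none' the browser attaches the admin session cookie to cross-site requests, so CSRF protection rests entirely on server-side checks (origin validation or a token) that are not visible in this hunk. A short comment above the option naming the check that covers this would help the next reader. The body of getExpressSessionMiddleware starts and continues outside the hunk.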