Updated admin cookie samesite attribute to 'none'

refs https://github.com/TryGhost/Team/issues/1664

We want to have the ability for the frontend to be aware of and make use of
sessions with the admin. Because these run on different domains we need to
update the cookie attributes to be more lax in terms of cross domain usage.
Fabien "egg" O'Carroll 2022-07-05 09:17:28 +02:00 committed by Hannah Wolfe
parent fc381b7626
commit c756966ce9
No known key found for this signature in database
GPG Key ID: AB586C3B5AE5C037

@ -23,7 +23,7 @@ function getExpressSessionMiddleware() {
maxAge: constants.SIX_MONTH_MS,
httpOnly: true,
path: urlUtils.getSubdir() + '/ghost',
sameSite: 'lax',
sameSite: 'none',
secure: urlUtils.isSSL(config.get('url'))
}
});
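Review bot: `sameSite: 'none'` is now unconditional, while `secure` on the following line still depends on `urlUtils.isSSL(config.get('url'))`. On a site whose configured URL is not HTTPS the cookie goes out as SameSite=None without Secure, which current browsers reject, so admin sessions would stop working there. Suggest deriving both attributes from the same check, for example keeping 'lax' whenever isSSL is false. Separately, 'none' means the admin session cookie is attached to cross-site requests, so the browser no longer provides any CSRF protection for this cookie. No compensating control (origin validation or a CSRF token) is visible in this hunk, and the commit message should state which server-side check covers it and which frontend origins are expected to use the session.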