Use SameSite=none for oauth state cookie (#30)

cthit · Sep 27, 2024 · 337ced7 · 337ced7
1 parent 6e91938
commit 337ced7
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/internal/app/web/authentication.go b/internal/app/web/authentication.go
@@ -50,7 +50,8 @@ func generateLoginURL(c *gin.Context) (string, error) {
 		fmt.Println("Failed to generate state")
 		return "", err
 	}
-	c.SetCookie("oauth_state", state, int(time.Hour.Seconds()), "/", os.Getenv("COOKIE_DOMAIN"), c.Request.TLS != nil, true)
+	c.SetSameSite(http.SameSiteNoneMode)
+	c.SetCookie("oauth_state", state, int(time.Hour.Seconds()), "/", os.Getenv("COOKIE_DOMAIN"), true, true)
 	return client.AuthCodeURL(state), nil
 }