From 09a585c93bb28a49c9538b47803bb5341e9f928b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?F=C3=A9ry=20Mathieu=20=28Mathius=29?=
 <ferymathieuy@gmail.com>
Date: Tue, 22 Feb 2022 18:57:21 +0100
Subject: [PATCH] Add sameSite policy in cookie management in server side

---
 src/invidious/user/cookies.cr | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/invidious/user/cookies.cr b/src/invidious/user/cookies.cr
index 367f700f..65e079ec 100644
--- a/src/invidious/user/cookies.cr
+++ b/src/invidious/user/cookies.cr
@@ -17,7 +17,8 @@ struct Invidious::User
         value: sid,
         expires: Time.utc + 2.years,
         secure: SECURE,
-        http_only: true
+        http_only: true,
+        samesite: HTTP::Cookie::SameSite::Strict
       )
     end
 
@@ -30,7 +31,8 @@ struct Invidious::User
         value: URI.encode_www_form(preferences.to_json),
         expires: Time.utc + 2.years,
         secure: SECURE,
-        http_only: false
+        http_only: false,
+        samesite: HTTP::Cookie::SameSite::Strict
       )
     end
   end