From 5ae46af107612609e68026b2c4fdb1faf701ba3b Mon Sep 17 00:00:00 2001
From: Simon Bihel
Date: Fri, 19 Aug 2022 11:31:46 +0100
Subject: [PATCH] Remove secure cookie for easier local testing Still rely on samesite and httponly
---
 src/oidc.rs | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/src/oidc.rs b/src/oidc.rs
index 4333eb6..3a6ee15 100644
--- a/src/oidc.rs
+++ b/src/oidc.rs
@@ -1,6 +1,6 @@
 use anyhow::{anyhow, Result};
 use chrono::{Duration, Utc};
-use cookie::Cookie;
+use cookie::{Cookie, SameSite};
 use ethers_core::{types::H160, utils::to_checksum};
 use headers::{self, authorization::Bearer};
 use hex::FromHex;
@@ -440,9 +440,7 @@ pub async fn authorize(
 )
 .await?;
 let session_cookie = Cookie::build(SESSION_COOKIE_NAME, session_id.to_string())
- // .domain(base)
- // .path("/")
- .secure(true)
+ .same_site(SameSite::Strict)
 .http_only(true)
 .max_age(cookie::time::Duration::seconds(
 SESSION_LIFETIME.try_into().unwrap(),
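Review bot: Dropping `.secure(true)` from the `session_cookie` builder in `authorize` removes the Secure attribute for every deployment, not only local testing, so the session identifier can now be sent over plain HTTP. `SameSite::Strict` and `http_only(true)` limit cross-site sending and script access, but neither keeps the cookie off an unencrypted connection. I would keep the attribute and drive it from configuration, for example `.secure(require_secure)`, where `require_secure` is a placeholder for a flag derived from whether the configured base URL is HTTPS, defaulting to true. A short comment on the builder saying why Secure may be off would also help the next reader. The body of `authorize` starts and ends outside this hunk, so how the cookie is consumed later is not visible here.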