Set SameSite attribute to "Strict"

teslamate-org · Aug 21, 2020 · 615dfdf · 615dfdf
1 parent 95bc0ae
commit 615dfdf
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 10 deletions.
diff --git a/lib/teslamate_web/endpoint.ex b/lib/teslamate_web/endpoint.ex
@@ -4,7 +4,8 @@ defmodule TeslaMateWeb.Endpoint do
   @session_options [
     store: :cookie,
     key: "_teslamate_key",
-    signing_salt: "yt5O3CAQ"
+    signing_salt: "yt5O3CAQ",
+    same_site: "Strict"
   ]
 
   socket "/live", Phoenix.LiveView.Socket,

diff --git a/lib/teslamate_web/plugs/donate.ex b/lib/teslamate_web/plugs/donate.ex
@@ -12,15 +12,10 @@ defmodule TeslaMateWeb.Plugs.Donate do
   def call(conn, _opts), do: put_donate_cookie(conn)
 
   defp put_donate_cookie(conn) do
-    cond do
-      importing_data?() ->
-        put_resp_cookie(conn, "donate", "0", max_age: @max_age)
-
-      Release.seconds_since_last_migration() < @max_age / 2 ->
-        put_resp_cookie(conn, "donate", "0", max_age: @max_age)
-
-      true ->
-        conn
+    if importing_data?() or Release.seconds_since_last_migration() < @max_age / 2 do
+      put_resp_cookie(conn, "donate", "0", max_age: @max_age, same_site: "Strict")
+    else
+      conn
     end
   end