Blob Blame History Raw
From ca43d64e722f80ed91871c9ea31fbc7660aa9147 Mon Sep 17 00:00:00 2001
From: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
Date: Mon, 3 Feb 2020 10:34:10 +0100
Subject: [PATCH 17/19] fix: also add SameSite=None to by-value session cookies

bump to 2.4.2rc0

Signed-off-by: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
(cherry picked from commit f6798246abc8fd8f865db313439882ac9f5771f3)
---
 ChangeLog     | 4 ++++
 src/session.c | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index b67f764..3db7110 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+02/03/2020
+- fix: also add SameSite=None to by-value session cookies
+- bump to 2.4.2rc0
+
 01/29/2020
 - always add a SameSite value to the Set-Cookie header to satisfy upcoming Chrome/Firefox changes
   this can be overridden by using, e.g.:
diff --git a/src/session.c b/src/session.c
index cd9ccb8..e7194bd 100644
--- a/src/session.c
+++ b/src/session.c
@@ -249,7 +249,7 @@ static apr_byte_t oidc_session_save_cookie(request_rec *r, oidc_session_t *z,
 							(first_time ?
 									OIDC_COOKIE_EXT_SAME_SITE_LAX :
 									OIDC_COOKIE_EXT_SAME_SITE_STRICT) :
-									NULL);
+									OIDC_COOKIE_EXT_SAME_SITE_NONE);
 
 	return TRUE;
 }
-- 
2.26.2