fix: Set sameSite to strict

actcoding · Oct 13, 2024 · 56d8e1b · 56d8e1b
1 parent d7d4a62
commit 56d8e1b
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/frontend/src/lib/actions/auth.ts b/frontend/src/lib/actions/auth.ts
@@ -12,8 +12,8 @@ export async function getAppSession(): Promise<IronSession<AppSession>> {
         password: process.env.APP_SECRET as string,
         cookieName: 'intranet_session',
         cookieOptions: {
-            // TODO: Evaluate most appropriate cookie settings
             secure: isProduction(),
+            sameSite: 'strict',
         },
         ttl: 60 * 60 * 24 * 7,
     })