From 56d8e1bc8cc23edf17ce5f1e7b1faa223d0cd5cc Mon Sep 17 00:00:00 2001
From: Christopher Werl
Date: Sun, 13 Oct 2024 13:14:51 +0200
Subject: [PATCH] fix: Set sameSite to strict
---
 frontend/src/lib/actions/auth.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/frontend/src/lib/actions/auth.ts b/frontend/src/lib/actions/auth.ts
index 57c7afb..3575085 100644
--- a/frontend/src/lib/actions/auth.ts
+++ b/frontend/src/lib/actions/auth.ts
@@ -12,8 +12,8 @@ export async function getAppSession(): Promise> {
 password: process.env.APP_SECRET as string,
 cookieName: 'intranet_session',
 cookieOptions: {
- // TODO: Evaluate most appropriate cookie settings
 secure: isProduction(),
+ sameSite: 'strict',
 },
 ttl: 60 * 60 * 24 * 7,
 })
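Review bot: `sameSite: 'strict'` in `cookieOptions` replaces the TODO without recording what was evaluated, and Strict has a behavioural cost worth documenting: the `intranet_session` cookie is withheld on every cross-site top-level navigation, so a user arriving from a mail or chat link, or a login callback redirected from an external identity provider (if one is used), is treated as unauthenticated on that first request. SameSite is also scoped to the site rather than the origin, so it does not cover requests from sibling subdomains and should complement, not replace, origin or token checks on state-changing actions. `httpOnly` and `path` are left to the session library's defaults, which are not visible in this hunk; I would pin the intent with a comment such as `// sameSite 'strict': never sent on cross-site requests; httpOnly/path rely on library defaults` in place of the removed TODO. `getAppSession` starts and ends outside the hunk, so how the session is consumed could not be checked.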