From 1ef0ea3f7f66a0e8cb378a1b9940523e0f858600 Mon Sep 17 00:00:00 2001
From: thevickypedia <vignesh.sivanandarao@gmail.com>
Date: Fri, 23 Feb 2024 11:18:02 -0600
Subject: [PATCH] Set `samesite` to `strict` for cookies

---
 pystream/main.py         | 2 +-
 pystream/routers/auth.py | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/pystream/main.py b/pystream/main.py
index b5b836e..64e36db 100644
--- a/pystream/main.py
+++ b/pystream/main.py
@@ -37,7 +37,7 @@ async def redirect_exception_handler(request: Request,
     else:
         response = RedirectResponse(url=exception.location)
     if exception.detail:
-        response.set_cookie("detail", exception.detail.upper())
+        response.set_cookie("detail", exception.detail.upper(), httponly=True, samesite="strict")
     return response
 
 
diff --git a/pystream/routers/auth.py b/pystream/routers/auth.py
index f560b6f..6964a75 100644
--- a/pystream/routers/auth.py
+++ b/pystream/routers/auth.py
@@ -71,7 +71,8 @@ async def login(request: Request) -> JSONResponse:
                          value=config.static.cipher_suite.encrypt(str(auth_payload).encode("utf-8")).decode(),
                          max_age=config.env.session_duration,
                          expires=expiration,
-                         httponly=True)
+                         httponly=True,
+                         samesite="strict")
     if config.env.secure_session:
         cookie_kwargs["secure"] = True
     response.set_cookie(**cookie_kwargs)