feat: fallback to SameSite Lax mode if cookie is not secure (#1105)

Also, will allow to set cookie `SameSite` mode on command line or environment. Note that `None` mode will be forced to ``Lax`` if cookie is set to not be secure. Signed-off-by: Valentin Lab <valentin.lab@kalysto.org>
2026-04-19 06:44:58 +00:00 · 2025-09-13 18:56:54 +08:00
parent 401e18f29f
commit 29ae2a4b87
6 changed files with 94 additions and 2 deletions
--- a/lib/config.go
+++ b/lib/config.go
@@ -43,6 +43,7 @@ type Options struct {
 	OpenGraph            config.OpenGraph
 	ServeRobotsTXT       bool
 	CookieSecure         bool
+	CookieSameSite       http.SameSite
 	Logger               *slog.Logger
 	PublicUrl            string
 	JWTRestrictionHeader string