From 86751c7ae29073882765941b5c636a178b2d6d19 Mon Sep 17 00:00:00 2001
From: Moritz Bunkus <m.bunkus@linet.de>
Date: Mon, 11 Apr 2022 15:26:57 +0200
Subject: [PATCH] SameSite-Attribut des Session-Cookies auf Strict setzen

---
 SL/Form.pm | 1 +
 1 file changed, 1 insertion(+)

diff --git a/SL/Form.pm b/SL/Form.pm
index 46c7f6ea5..fd79b9628 100644
--- a/SL/Form.pm
+++ b/SL/Form.pm
@@ -389,6 +389,7 @@ sub create_http_response {
                                      '-path'    => $uri->path,
                                      '-expires' => '+' . $::auth->{session_timeout} . 'm',
                                      '-secure'  => $::request->is_https);
+      $session_cookie = "$session_cookie; SameSite=strict";
     }
   }
 
-- 
2.20.1