Add SameSite to cookies #2187

mozilla-services · Mar 28, 2017 · 6fd75c3 · 6fd75c3
1 parent c8e2282
commit 6fd75c3
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/server/src/server.js b/server/src/server.js
@@ -563,8 +563,8 @@ function sendAuthInfo(req, res, params) {
   let encodedAbTests = b64EncodeJson(userAbTests);
   let keygrip = dbschema.getKeygrip();
   let cookies = new Cookies(req, res, {keys: keygrip});
-  cookies.set("user", deviceId, {signed: true});
-  cookies.set("abtests", encodedAbTests, {signed: true});
+  cookies.set("user", deviceId, {signed: true, sameSite: 'lax'});
+  cookies.set("abtests", encodedAbTests, {signed: true, sameSite: 'lax'});
   let authHeader = `${deviceId}:${keygrip.sign(deviceId)};abTests=${encodedAbTests}:${keygrip.sign(encodedAbTests)}`;
   let responseJson = {
     ok: "User created",