From 6fd75c3ba1d09a712aab13668da75c5995fa160c Mon Sep 17 00:00:00 2001
From: cecile
Date: Tue, 28 Mar 2017 01:36:25 -0700
Subject: [PATCH] Add SameSite to cookies #2187

---
 server/src/server.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/server/src/server.js b/server/src/server.js
index 3c32c37aa5..0ec66f9e2a 100644
--- a/server/src/server.js
+++ b/server/src/server.js
@@ -563,8 +563,8 @@ function sendAuthInfo(req, res, params) {
 let encodedAbTests = b64EncodeJson(userAbTests);
 let keygrip = dbschema.getKeygrip();
 let cookies = new Cookies(req, res, {keys: keygrip});
- cookies.set("user", deviceId, {signed: true});
- cookies.set("abtests", encodedAbTests, {signed: true});
+ cookies.set("user", deviceId, {signed: true, sameSite: 'lax'});
+ cookies.set("abtests", encodedAbTests, {signed: true, sameSite: 'lax'});
 let authHeader = `${deviceId}:${keygrip.sign(deviceId)};abTests=${encodedAbTests}:${keygrip.sign(encodedAbTests)}`;
 let responseJson = {
 ok: "User created",
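Review bot: The two `cookies.set` calls in `sendAuthInfo` now repeat the same option object, and nothing beside them records why `'lax'` was chosen rather than `'strict'`. With Lax the signed `user` cookie is still attached to cross-site top-level GET navigations, so SameSite here is defense in depth next to whatever CSRF protection the server has; a comment such as `// Lax: cookie still rides on cross-site top-level GETs; keep state changes off GET routes` would capture that. Hoisting the options into one constant, `const authCookieOpts = {signed: true, sameSite: "lax"};`, keeps both cookies in step when further attributes are added and matches the double quotes used on the surrounding lines. It is also worth confirming that the installed `cookies` package recognises `sameSite`, since an older release would presumably ignore the unknown option without an error; the dependency manifest is not part of this patch. The body of `sendAuthInfo` starts and ends outside the hunk.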