feat(dashboard): allow setting admin / app cookie security

Fixes #233
Lakhan Samani
2022-10-02 22:01:22 +05:30
parent 4e1bba2ba8
commit 9cb011e921
11 changed files with 193 additions and 77 deletions

@@ -29,8 +29,7 @@ func SetSession(gc *gin.Context, sessionID string) {
domain = "." + domain
}
// Use sameSite = lax by default
// Since app cookie can come from cross site it becomes important to set this in lax mode.
// Since app cookie can come from cross site it becomes important to set this in lax mode when insecure.
// Example person using custom UI on their app domain and making request to authorizer domain.
// For more information check:
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
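Review bot: The comment block is now internally inconsistent: its first line still reads "Use sameSite = lax by default", while the reworded line limits lax mode to "when insecure", and nothing visible in this hunk says which SameSite value applies when the cookie is secure. Suggest rewriting the first line to name both cases, for example "// SameSite: Lax when the cookie is not Secure, <other value> when it is", and, if the secure-mode value is None, noting that browsers only accept SameSite=None together with the Secure attribute. The "Example person using custom UI" line is also worth tightening, since a Lax cookie is sent on cross-site top-level navigations but not on cross-site fetch/XHR requests, so the comment should say which kind of request to the authorizer domain it means.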