fix(server): update comments for host & cookies

2022-09-28 10:36:56 +05:30
parent b1bc7b5370
commit f5323e0eec
2 changed files with 4 additions and 2 deletions
--- a/server/cookie/cookie.go
+++ b/server/cookie/cookie.go
@@ -30,6 +30,8 @@ func SetSession(gc *gin.Context, sessionID string) {
 	}

 	// Use sameSite = lax by default
+	// Since app cookie can come from cross site it becomes important to set this in lax mode.
+	// Example person using custom UI on their app domain and making request to authorizer domain.
 	// For more information check:
 	// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
 	// https://github.com/gin-gonic/gin/blob/master/context.go#L86