Use "Lax" for cookie "SameSite" restriction, otherwise OAuth2 does no…

…t work ...because the session resets after the redirect, and so the stored nonce/state is lost.
ElixirTeSS · Aug 29, 2024 · c626cc8 · c626cc8
1 parent ae15d3f
commit c626cc8
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
@@ -1,3 +1,3 @@
 # Be sure to restart your server when you modify this file.
-opts = Rails.env.production? ? { same_site: :strict, secure: true } : {}
+opts = Rails.env.production? ? { same_site: :lax, secure: true } : {}
 Rails.application.config.session_store :cookie_store, **opts