From 961c939255e269ae2c09761b88038e0bf19b69e0 Mon Sep 17 00:00:00 2001
From: Hannes Klinckaert
Date: Fri, 19 Jul 2024 02:37:28 +0200
Subject: [PATCH] make cookies samesite lax

---
 src/controllers/oauth_controller.rs | 2 +-
 src/ephemeral/session.rs | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/controllers/oauth_controller.rs b/src/controllers/oauth_controller.rs
index 15032c7..78a9d5b 100644
--- a/src/controllers/oauth_controller.rs
+++ b/src/controllers/oauth_controller.rs
@@ -49,7 +49,7 @@ impl AuthState {
  }
 
  pub fn into_cookie(self) -> Result> {
- Ok(Cookie::new(OAUTH_COOKIE, self.encode_b64()?))
+ Ok(Cookie::build((OAUTH_COOKIE, self.encode_b64()?)).same_site(rocket::http::SameSite::Lax).build())
  }
 
  pub fn from_req(
diff --git a/src/ephemeral/session.rs b/src/ephemeral/session.rs
index a65b594..62e7b6e 100644
--- a/src/ephemeral/session.rs
+++ b/src/ephemeral/session.rs
@@ -19,7 +19,7 @@ pub fn ensure_logged_in_and_redirect(
  cookies: &CookieJar,
  uri: Origin,
 ) -> Redirect {
- cookies.add_private(Cookie::new(REDIRECT_COOKIE, uri.to_string()));
+ cookies.add_private(Cookie::build((REDIRECT_COOKIE, uri.to_string())).same_site(rocket::http::SameSite::Lax));
  Redirect::to(uri!(new_session))
 }
 
@@ -45,11 +45,11 @@ impl SessionCookie {
  SessionCookie {
  session_id: session.id,
  }
- }
+ }
 
  pub fn login(self, cookies: &CookieJar) {
  let session_str = serde_urlencoded::to_string(self).unwrap();
- let session_cookie = Cookie::new(SESSION_COOKIE, session_str);
+ let session_cookie = Cookie::build((SESSION_COOKIE, session_str)).same_site(rocket::http::SameSite::Lax);
  cookies.add_private(session_cookie);
  }
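Review bot: The new `into_cookie` line gives no reason for relaxing the SameSite attribute, and the same applies to the two call sites in src/ephemeral/session.rs. If I recall Rocket's cookie defaults correctly, a cookie added through `CookieJar` gets `SameSite::Strict` unless one is set, and Strict cookies are withheld on the cross-site redirect from the identity provider back to the callback, so the cookie carrying `AuthState` would be absent exactly when it is needed; that reasoning belongs next to the builder, e.g. `// Lax: the cookie must survive the IdP's cross-site redirect back to our callback; Strict would drop it.` Note that neither `Secure` nor `HttpOnly` is set on the builder here, so whether they end up on the cookie depends on which `CookieJar` method the caller uses, and that caller is outside this hunk. The added line is also well over 100 columns; rustfmt would split the builder chain across lines.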
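Review bot: With `SameSite::Lax` the redirect cookie added in `ensure_logged_in_and_redirect` and the session cookie set in `login` are now attached to cross-site top-level GET navigations, which Strict did not permit, so any GET route that changes server state (a logout link, for instance) becomes reachable from another origin while the user is authenticated. That is the usual trade-off for a login round trip, but it is worth confirming that state-changing routes are POST-only and recording the assumption where the attribute is chosen, e.g. `// Lax: sent on top-level GET navigations too, so state-changing routes must stay POST.` The function's opening line sits in the hunk header, just outside the hunk body.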
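Review bot: `rocket::http::SameSite::Lax` is now spelled out in full at three sites across two files, and this site hands the `CookieBuilder` to `add_private` directly (relying on it accepting `Into<Cookie>`, which I believe Rocket 0.5 does) while `into_cookie` in src/controllers/oauth_controller.rs calls `.build()` first; a single helper would keep the attributes identical everywhere and turn a later addition of `Secure` or an explicit max-age into a one-line change. Something like `fn lax_cookie(name: &'static str, value: String) -> CookieBuilder<'static> { Cookie::build((name, value)).same_site(SameSite::Lax) }` in session.rs, used here as `let session_cookie = lax_cookie(SESSION_COOKIE, session_str);`, assuming the cookie-name constants are `&'static str`. The `}` change a few lines above is whitespace only.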