From 7b36f99c094de5d9d8428f6ff47a16120fc85eee Mon Sep 17 00:00:00 2001
From: "byte[]"
Date: Tue, 26 May 2020 17:37:49 -0400
Subject: [PATCH] set samesite attribute to lax on all cookies to fix warnings
---
 assets/js/fingerprint.js | 2 +-
 lib/philomena_web/controllers/channel/nsfw_controller.ex | 2 +-
 lib/philomena_web/controllers/setting_controller.ex | 3 ++-
 3 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/assets/js/fingerprint.js b/assets/js/fingerprint.js
index aac85635..cbc27c3a 100644
--- a/assets/js/fingerprint.js
+++ b/assets/js/fingerprint.js
@@ -45,7 +45,7 @@ function setFingerprintCookie() {
 fingerprint = 'c1836832948';
 }
- document.cookie = `_ses=${fingerprint}; path=/`;
+ document.cookie = `_ses=${fingerprint}; path=/; SameSite=Lax`;
 }
 export { setFingerprintCookie };
diff --git a/lib/philomena_web/controllers/channel/nsfw_controller.ex b/lib/philomena_web/controllers/channel/nsfw_controller.ex
index 1469a7a3..9d6723fc 100644
--- a/lib/philomena_web/controllers/channel/nsfw_controller.ex
+++ b/lib/philomena_web/controllers/channel/nsfw_controller.ex
@@ -20,6 +20,6 @@ defmodule PhilomenaWeb.Channel.NsfwController do
 # Duplicated from setting controller
 defp set_cookie(conn, cookie_name, value) do
 # JS wants access; max-age is set to 25 years from now
- Conn.put_resp_cookie(conn, cookie_name, value, max_age: 788_923_800, http_only: false)
+ Conn.put_resp_cookie(conn, cookie_name, value, max_age: 788_923_800, http_only: false, extra: "SameSite=Lax")
 end
 end
diff --git a/lib/philomena_web/controllers/setting_controller.ex b/lib/philomena_web/controllers/setting_controller.ex
index f53ff85f..b23707df 100644
--- a/lib/philomena_web/controllers/setting_controller.ex
+++ b/lib/philomena_web/controllers/setting_controller.ex
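Review bot: The rewritten `document.cookie` assignment in `setFingerprintCookie` still omits `Secure`, so the `_ses` fingerprint value would also be sent on plain-HTTP requests to the site if any are possible. If the deployment is HTTPS-only (not visible from this hunk), consider `` document.cookie = `_ses=${fingerprint}; path=/; SameSite=Lax; Secure`; ``. A short comment stating that `Lax` is deliberate would also help: the cookie is withheld from cross-site subrequests but still accompanies top-level navigations. The function body starts outside the hunk.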
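Review bot: `extra: "SameSite=Lax"` in `set_cookie/3` appends a free-form string to the Set-Cookie header, so a typo in the attribute name or value would go out unnoticed. `Plug.Conn.put_resp_cookie/4` has a dedicated `same_site:` option in Plug releases that include it, and `same_site: "Lax"` would be the clearer spelling if the project's Plug version supports it (the dependency version is not visible here). The same applies to the `put_resp_cookie` call in setting_controller.ex. The existing comment says this helper is duplicated from the setting controller, so the cookie options now have to be kept in sync in two places; a shared helper would keep the attribute policy in one spot.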
@@ -48,7 +48,8 @@ defmodule PhilomenaWeb.SettingController do
 # JS wants access; max-age is set to 25 years from now
 Conn.put_resp_cookie(conn, cookie_name, to_string(params[param_name] == "true"),
 max_age: 788_923_800,
- http_only: false
+ http_only: false,
+ extra: "SameSite=Lax"
 )
 end