samesite session

lib/philomena_web/endpoint.ex

@@ -40,6 +40,7 @@ defmodule PhilomenaWeb.Endpoint do
   # Set :encryption_salt if you would also like to encrypt it.
   plug Plug.Session,
     store: :cookie,
+    extra: "SameSite=Lax",
     key: "_philomena_key",
     signing_salt: "signed cookie",
     encryption_salt: "authenticated encrypted cookie"

lib/philomena_web/plugs/content_security_policy_plug.ex

@@ -15,7 +15,7 @@ defmodule PhilomenaWeb.ContentSecurityPolicyPlug do
   end
 
   def call(conn, [csp_value: csp_value]) do
-    Conn.put_resp_header(conn, "Content-Security-Policy", csp_value)
+    Conn.put_resp_header(conn, "content-security-policy", csp_value)
   end
 
   defp cdn_uri, do: Application.get_env(:philomena, :cdn_host) |> to_uri()