From d362304d2dc0f3c8eb81992c4fbb77753dab6791 Mon Sep 17 00:00:00 2001
From: "byte[]" <byteslice@airmail.cc>
Date: Tue, 7 Jan 2020 10:43:16 -0500
Subject: [PATCH] samesite=lax for persistent session

---
 lib/philomena_web/endpoint.ex | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/philomena_web/endpoint.ex b/lib/philomena_web/endpoint.ex
index e09d7deb..cd2a8a28 100644
--- a/lib/philomena_web/endpoint.ex
+++ b/lib/philomena_web/endpoint.ex
@@ -46,7 +46,9 @@ defmodule PhilomenaWeb.Endpoint do
     encryption_salt: "authenticated encrypted cookie"
 
   plug Pow.Plug.Session, otp_app: :philomena
-  plug PowPersistentSession.Plug.Cookie, otp_app: :philomena
+  plug PowPersistentSession.Plug.Cookie,
+    otp_app: :philomena,
+    persistent_session_cookie_opts: [extra: "SameSite=Lax"]
 
   plug PhilomenaWeb.ReloadUserPlug
   plug PhilomenaWeb.RenderTimePlug