explicitly set SameSite for preload session cookie

2021-03-23 10:46:50 -04:00 · 2021-03-23 10:46:50 -04:00 · a0d93f3375
commit a0d93f3375
parent 35f926e00e
1 changed files with 1 additions and 1 deletions
--- a/nginx/snippets/preload.conf
+++ b/nginx/snippets/preload.conf
@ -1,3 +1,3 @@
 add_header Link $preload_resources always;
-add_header Set-Cookie "__Host-preload=1; HttpOnly; Secure; Path=/" always;
+add_header Set-Cookie "__Host-preload=1; HttpOnly; Secure; SameSite=Lax; Path=/" always;
 http2_push_preload on;