From df1404b6731b64b0726adca1e7c47a4461c14a81 Mon Sep 17 00:00:00 2001
From: evazion
Date: Mon, 14 Dec 2020 14:48:06 -0600
Subject: [PATCH] js: set SameSite=Lax on cookies set by Javascript.

This is the new default for most browsers nowadays. Fixes a warning in Firefox about using SameSite=None without the Secure flag.
---
 app/javascript/src/javascripts/cookie.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/javascript/src/javascripts/cookie.js b/app/javascript/src/javascripts/cookie.js
index 20a5e4b0b..1c457d11b 100644
--- a/app/javascript/src/javascripts/cookie.js
+++ b/app/javascript/src/javascripts/cookie.js
@@ -14,7 +14,7 @@ Cookie.put = function(name, value, days) {
 expires = "expires=" + date.toGMTString() + "; ";
 }
- var new_val = name + "=" + encodeURIComponent(value) + "; " + expires + "path=/";
+ var new_val = name + "=" + encodeURIComponent(value) + "; " + expires + "path=/; SameSite=Lax";
 if (document.cookie.length < (4090 - new_val.length)) {
 document.cookie = new_val;
 return true;
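Review bot: The rewritten `new_val` line adds `SameSite=Lax` but still no `Secure` attribute, so cookies written through `Cookie.put` would also travel over plain HTTP if the site is ever reachable that way. Consider appending it conditionally, e.g. `var secure = location.protocol === "https:" ? "; Secure" : "";` and ending the string with `"path=/; SameSite=Lax" + secure`. Separately, `name` is concatenated unencoded while `value` goes through `encodeURIComponent`, so a name containing `;` or `=` could alter the attribute list; this looks safe only if every caller passes a fixed literal, which the hunk does not show. A one-line comment such as `// SameSite=Lax: withheld on cross-site subrequests, still sent on top-level navigations` would document the intent. `Cookie.put` starts and ends outside the hunk.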