]> git.proxmox.com Git - pve-http-server.git/blobdiff - src/PVE/APIServer/Formatter/Bootstrap.pm
projects / pve-http-server.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
formatter/bootstrap: set SameSite attr of auth cookie to 'strict'
[pve-http-server.git] / src / PVE / APIServer / Formatter / Bootstrap.pm
diff --git a/src/PVE/APIServer/Formatter/Bootstrap.pm b/src/PVE/APIServer/Formatter/Bootstrap.pm
index 001ad2b7f71e9cecc8bdf609bbdaf08ceecff960..9fb7785159fd44813c247c6e984b3856642cef27 100644 (file)
--- a/src/PVE/APIServer/Formatter/Bootstrap.pm
+++ b/src/PVE/APIServer/Formatter/Bootstrap.pm
@@ -88,7 +88,7 @@ sub body {
     $jssetup .= "PVE.delete_auth_cookie = function() {\n";
 
     if ($self->{cookie_name}) {
-       $jssetup .= "  document.cookie = \"$self->{cookie_name}=; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; secure;\";\n";
+       $jssetup .= "  document.cookie = \"$self->{cookie_name}=; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; secure; SameSite=Strict;\";\n";
     };
     $jssetup .= "};\n";
 
PVE HTTP Server