From 0fb9357e8719ac0ed85303aa0c591018536baae3 Mon Sep 17 00:00:00 2001
From: Michael Kaufmann <d00p@froxlor.org>
Date: Tue, 10 Dec 2024 20:15:41 +0100
Subject: [PATCH] set cookie SameSite option to 'Lax' for loginlinks to work as
 intended; fixes #1299

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
---
 lib/Froxlor/UI/Panel/UI.php | 2 +-
 lib/init.php                | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/Froxlor/UI/Panel/UI.php b/lib/Froxlor/UI/Panel/UI.php
index 3cec80f807..ebad473850 100644
--- a/lib/Froxlor/UI/Panel/UI.php
+++ b/lib/Froxlor/UI/Panel/UI.php
@@ -121,7 +121,7 @@ public static function sendHeaders()
 			'domain' => self::getCookieHost(),
 			'secure' => self::requestIsHttps(),
 			'httponly' => true,
-			'samesite' => 'Strict'
+			'samesite' => 'Lax'
 		]);
 		session_start();
 
diff --git a/lib/init.php b/lib/init.php
index c4cc5bdcb9..ee61f5b879 100644
--- a/lib/init.php
+++ b/lib/init.php
@@ -374,7 +374,7 @@
 		'domain' => UI::getCookieHost(),
 		'secure' => UI::requestIsHttps(),
 		'httponly' => true,
-		'samesite' => 'Strict'
+		'samesite' => 'Lax'
 	];
 	setcookie(session_name(), $_COOKIE[session_name()], $cookie_params);
 } else {