You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by rn...@apache.org on 2021/12/06 13:55:50 UTC
[couchdb] branch delete-session-cookie-samesite-main created (now f6088d3)
This is an automated email from the ASF dual-hosted git repository.
rnewson pushed a change to branch delete-session-cookie-samesite-main
in repository https://gitbox.apache.org/repos/asf/couchdb.git.
at f6088d3 Add SameSite setting when clearing session cookie
This branch includes the following new commits:
new f6088d3 Add SameSite setting when clearing session cookie
The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
[couchdb] 01/01: Add SameSite setting when clearing session cookie
Posted by rn...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rnewson pushed a commit to branch delete-session-cookie-samesite-main
in repository https://gitbox.apache.org/repos/asf/couchdb.git
commit f6088d36cba96fbe512684363daf4d7ada000a78
Author: Robert Newson <rn...@apache.org>
AuthorDate: Mon Dec 6 13:55:34 2021 +0000
Add SameSite setting when clearing session cookie
---
src/couch/src/couch_httpd_auth.erl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/couch/src/couch_httpd_auth.erl b/src/couch/src/couch_httpd_auth.erl
index fd420bb..ed6b1e6 100644
--- a/src/couch/src/couch_httpd_auth.erl
+++ b/src/couch/src/couch_httpd_auth.erl
@@ -548,7 +548,7 @@ handle_session_req(#httpd{method = 'DELETE'} = Req, _AuthModule) ->
"AuthSession",
"",
[{path, "/"}] ++
- cookie_domain() ++ cookie_scheme(Req)
+ cookie_domain() ++ cookie_scheme(Req) ++ same_site()
),
{Code, Headers} =
case couch_httpd:qs_value(Req, "next", nil) of