From e2ef0a283f961df4041369d9dd74e7e29b3d252d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9mi=20Pailharey?= <rpailharey@grandlyon.com>
Date: Fri, 13 Aug 2021 15:00:50 +0200
Subject: [PATCH] fix(auth): SameSite cookie attribute set from Strict to Lax

---
 internal/auth/oauth2.go   | 2 +-
 internal/tokens/tokens.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/internal/auth/oauth2.go b/internal/auth/oauth2.go
index d7b5aff..870b2de 100644
--- a/internal/auth/oauth2.go
+++ b/internal/auth/oauth2.go
@@ -50,7 +50,7 @@ func (m Manager) HandleOAuth2Login(w http.ResponseWriter, r *http.Request) {
 	if err != nil {
 		log.Fatalf("Error generating OAuth2 strate string :%v\n", err)
 	}
-	tokens.CreateCookie(oauthStateString, m.Hostname, oAuth2StateKey, 30*time.Second, w)
+	tokens.CreateCookie(oauthStateString, m.Hostname, oAuth2StateKey, 60*time.Second, w)
 	url := m.Config.AuthCodeURL(oauthStateString)
 	http.Redirect(w, r, url, http.StatusTemporaryRedirect)
 }
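Review bot: The state-cookie lifetime passed to `tokens.CreateCookie` goes from 30 to 60 seconds as a bare literal, and neither the commit subject (which only mentions SameSite) nor a comment explains why. This value bounds how long an issued OAuth2 state stays valid, so I would name and document it, e.g. `const oAuth2StateTTL = 60 * time.Second // covers the identity-provider login round trip; keep short to limit state reuse`; the rationale in that comment is my guess and should be confirmed. Separately, the unchanged `log.Fatalf` above this call exits the whole process from inside a request handler when state generation fails. Logging the error, answering with `http.Error(w, "internal error", http.StatusInternalServerError)` and returning would keep the service available. The start of HandleOAuth2Login is outside the hunk.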
diff --git a/internal/tokens/tokens.go b/internal/tokens/tokens.go
index 287e925..c22225f 100644
--- a/internal/tokens/tokens.go
+++ b/internal/tokens/tokens.go
@@ -75,7 +75,7 @@ func CreateCookie(data interface{}, hostName string, cookieName string, duration
 		http.Error(w, err.Error(), http.StatusInternalServerError)
 		return
 	}
-	cookie := http.Cookie{Name: cookieName, Domain: hostName, Value: value, Expires: expiration, Secure: !m.debugMode, HttpOnly: true, SameSite: http.SameSiteStrictMode}
+	cookie := http.Cookie{Name: cookieName, Domain: hostName, Value: value, Expires: expiration, Secure: !m.debugMode, HttpOnly: true, SameSite: http.SameSiteLaxMode}
 	http.SetCookie(w, &cookie)
 }
 
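Review bot: `CreateCookie` is a shared helper, so switching it to `http.SameSiteLaxMode` relaxes SameSite for every cookie it issues, not only the short-lived OAuth2 state cookie that has to survive the cross-site redirect back from the identity provider. If the same helper also sets the session or token cookie (not visible here), that cookie will now be sent on top-level cross-site GET navigations, and any state-changing GET endpoint loses the CSRF protection that Strict provided. I would make the mode a parameter, e.g. a `sameSite http.SameSite` argument used as `SameSite: sameSite`, passing Lax only from HandleOAuth2Login and keeping `http.SameSiteStrictMode` for long-lived credentials. The function's signature and opening lines are outside the hunk.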
-- 
GitLab