Alternative for pikvm/kvmd#138: httponly=True, samesite=Strict

We don't use secure=True because there is a use case with disabled HTTPS. Thanks @ssza
author: Maxim Devaev <[email protected]> 2024-01-07 23:41:43 +0200
committer: Maxim Devaev <[email protected]> 2024-01-07 23:41:43 +0200
commit: 4457187a8655743d2c7d0c9e643fd91c29b4aaad (patch)
tree: e428d2300467f90830746e3f26379e25f1a26fb2
parent: 98ff56e19089dbf5074be45452f93de0e1fb25fe (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/kvmd/htserver.py b/kvmd/htserver.py
index df5a3123..2974feed 100644
--- a/kvmd/htserver.py
+++ b/kvmd/htserver.py
@@ -167,7 +167,7 @@ def make_json_response(
     )
     if set_cookies:
         for (key, value) in set_cookies.items():
-            response.set_cookie(key, value)
+            response.set_cookie(key, value, httponly=True, samesite="Strict")
     return response
author	Maxim Devaev <[email protected]>	2024-01-07 23:41:43 +0200
committer	Maxim Devaev <[email protected]>	2024-01-07 23:41:43 +0200
commit	4457187a8655743d2c7d0c9e643fd91c29b4aaad (patch)
tree	e428d2300467f90830746e3f26379e25f1a26fb2
parent	98ff56e19089dbf5074be45452f93de0e1fb25fe (diff)