From d780299b77fff58f98a220562c73b53cb7c2dbbc Mon Sep 17 00:00:00 2001
From: Jana Cupova
Date: Jun 07 2022 13:00:07 +0000
Subject: www: Set SameSite and Set-Cookie2

Fixes: https://pagure.io/koji/issue/3389
---
diff --git a/www/kojiweb/index.py b/www/kojiweb/index.py
index b2da61c..57fab59 100644
--- a/www/kojiweb/index.py
+++ b/www/kojiweb/index.py
@@ -87,9 +87,9 @@ def _setUserCookie(environ, user):
 # the Cookie module treats integer expire times as relative seconds
 c['expires'] = int(options['LoginTimeout']) * 60 * 60
 out = c.OutputString()
- out += '; HttpOnly'
+ out += '; HttpOnly; SameSite=Strict'
 environ['koji.headers'].append(['Set-Cookie', out])
- environ['koji.headers'].append(['Cache-Control', 'no-cache="set-cookie"'])
+ environ['koji.headers'].append(['Cache-Control', 'no-cache="Set-Cookie, Set-Cookie2"'])


 def _clearUserCookie(environ):
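Review bot: The `Cache-Control` value on the last added line still relies on the field-name form of `no-cache`, which RFC 7234 notes is not widely implemented; caches often treat it as a plain `no-cache` or do not honour the field list, so it is a weak guarantee that a shared cache never stores the session cookie. `Set-Cookie2` is obsolete (RFC 6265) and the visible lines only emit `Set-Cookie`, so listing it is unlikely to change what any cache does; if the aim is to keep this response out of caches, `environ['koji.headers'].append(['Cache-Control', 'no-store'])` states that directly. Separately, `SameSite=Strict` on the `out +=` line means the cookie is withheld on top-level navigation from other sites, so a user following an external link into the web UI will appear logged out on the first request; a comment such as `# Strict: cookie is not sent on cross-site navigation, so inbound links arrive unauthenticated` would record that this is intended. The body of `_setUserCookie` starts above the hunk, so attributes set earlier on `c` are not visible here.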