From 144c95793a62bd5393322d8aa2d0fdaf7d4d0380 Mon Sep 17 00:00:00 2001
From: Plumey Simon
Date: Wed, 1 May 2024 14:42:54 +0200
Subject: [PATCH] adding SameSite=Strict
---
 frontend/src/api_client.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/frontend/src/api_client.js b/frontend/src/api_client.js
index d7f5184..24f883c 100644
--- a/frontend/src/api_client.js
+++ b/frontend/src/api_client.js
@@ -192,7 +192,7 @@ export default
 if (response.status === 200) {
 // set cookie
 let date = new Date(response.data.expires).toUTCString()
- document.cookie = `access_token=Token ${response.data.token};secure;expires=${date};`; // TODO adding expires date from backend
+ document.cookie = `access_token=Token ${response.data.token};expires=${date};SameSite=Strict;Secure;`; // TODO adding expires date from backend
 // set axios header
 axios.defaults.headers.common['Authorization'] = "Token " + response.data.token;
@@ -223,7 +223,7 @@ export default
 */
 static async logoutUser() {
 // remove cookie
- document.cookie = `access_token=; expires=Thu, 01 Jan 1970 00:00:00 UTC; secure`;
+ document.cookie = `access_token=; expires=Thu, 01 Jan 1970 00:00:00 UTC;`;
 // remove axios header
 delete axios.defaults.headers.common['Authorization'];
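Review bot: The `access_token` cookie written in the first hunk stays readable by any script on the page, because a cookie set through `document.cookie` cannot carry `HttpOnly`; `SameSite=Strict` only limits cross-site sending and does not protect the token from script injection. The same token also goes into the axios `Authorization` header, so the cookie looks like client-side storage only; if that is right, a backend-issued `Set-Cookie` with `HttpOnly; Secure; SameSite=Strict` would be the stronger design, to be confirmed against the backend. Separately, `new Date(response.data.expires).toUTCString()` yields the string `Invalid Date` when the field is missing or malformed and that goes into `expires=` unchecked, so a guard such as `if (Number.isNaN(new Date(response.data.expires).getTime())) throw new Error('invalid token expiry');` before the cookie write would make the failure explicit. The enclosing function starts and ends outside the hunk.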
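Review bot: The expiry write in `logoutUser()` sets no `path`, so it only clears a cookie whose path matches the default path of the page where logout runs; if login happened under a different URL path, the `access_token` cookie survives logout and the token stays in the browser. The login cookie in the first hunk sets no path either, so both writes should pin the same one: append `; path=/; SameSite=Strict; Secure` after the `expires=...UTC` part here, and add `path=/;` to the login cookie string. Keeping the attributes identical on the set and clear paths also documents that they target the same cookie. Whether the token is also revoked server-side is not visible in this hunk, and `logoutUser()` continues past its last line.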