From 70e97ec8d40d6166a5e08cbdb978404c620fe6ba Mon Sep 17 00:00:00 2001
From: im-adithya
Date: Fri, 30 Jun 2023 13:42:02 +0530
Subject: [PATCH] fix: set same site to lax
---
 alby.go | 2 ++
 echo_handlers.go | 2 ++
 2 files changed, 4 insertions(+)
diff --git a/alby.go b/alby.go
index 9baf3841..bc5dba29 100644
--- a/alby.go
+++ b/alby.go
@@ -153,6 +153,7 @@ func (svc *AlbyOAuthService) AuthHandler(c echo.Context) error {
 if (sess.Values["user_id"] != nil) {
 delete(sess.Values, "user_id")
 sess.Options.MaxAge = 0
+ sess.Options.SameSite = http.SameSiteLaxMode
 if svc.cfg.CookieDomain != "" {
 sess.Options.Domain = svc.cfg.CookieDomain
 }
@@ -203,6 +204,7 @@ func (svc *AlbyOAuthService) CallbackHandler(c echo.Context) error {
 sess, _ := session.Get(CookieName, c)
 sess.Options.MaxAge = 0
+ sess.Options.SameSite = http.SameSiteLaxMode
 if svc.cfg.CookieDomain != "" {
 sess.Options.Domain = svc.cfg.CookieDomain
 }
diff --git a/echo_handlers.go b/echo_handlers.go
index a0d27607..eab35c1c 100644
--- a/echo_handlers.go
+++ b/echo_handlers.go
@@ -93,6 +93,7 @@ func (svc *Service) IndexHandler(c echo.Context) error {
 if user != nil && returnTo != nil {
 delete(sess.Values, "return_to")
 sess.Options.MaxAge = 0
+ sess.Options.SameSite = http.SameSiteLaxMode
 if svc.cfg.CookieDomain != "" {
 sess.Options.Domain = svc.cfg.CookieDomain
 }
@@ -232,6 +233,7 @@ func (svc *Service) AppsNewHandler(c echo.Context) error {
 sess, _ := session.Get(CookieName, c)
 sess.Values["return_to"] = c.Path() + "?" + c.QueryString()
 sess.Options.MaxAge = 0
+ sess.Options.SameSite = http.SameSiteLaxMode
 if svc.cfg.CookieDomain != "" {
 sess.Options.Domain = svc.cfg.CookieDomain
 }
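Review bot: The SameSite policy is now assigned by hand in four handlers (here in AuthHandler, and again in CallbackHandler, IndexHandler and AppsNewHandler in the later hunks), so any other code path that saves the session without this line will still emit the cookie without the attribute. Applying it once where the session store is configured, or in one small helper that sets MaxAge, SameSite and Domain together, would keep the cookie policy in a single place; the store setup is not visible in this diff, so confirm where that belongs. None of the visible lines set `Secure` or `HttpOnly` on `sess.Options`; if the store defaults do not already cover them, the same helper is the place for `sess.Options.Secure = true` and `sess.Options.HttpOnly = true`. If Lax rather than Strict was chosen so the cookie survives the top-level redirect back from the OAuth provider, a comment such as `// Lax, not Strict: the cookie must be sent on the redirect back from the provider` would record that. AuthHandler's body starts and ends outside the hunk.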
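Review bot: In CallbackHandler the added line dereferences `sess.Options` on a session whose lookup error was discarded by `sess, _ := session.Get(CookieName, c)`. If this `session.Get` can return a nil session on failure (echo-contrib's does when no store is registered on the context; confirm which package is in use), the OAuth callback panics instead of rejecting the request. Checking the error first, `sess, err := session.Get(CookieName, c)` followed by `if err != nil { return err }`, makes the handler fail closed; AppsNewHandler in echo_handlers.go has the same pattern. CallbackHandler's body starts and ends outside the hunk.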