From cbf30830d2e856504849930a2dab6ae999376c6b Mon Sep 17 00:00:00 2001
From: zeripath <art27@cantab.net>
Date: Mon, 31 May 2021 19:22:36 +0100
Subject: [PATCH] Add missing SameSite settings for the i_like_gitea cookie
 (#16037)

The i_like_gitea cookie appears to be missing the SameSite settings. I think they
were present at some point but may have been removed in a merge.

This PR ensures that they are set.

Fix #15972

Signed-off-by: Andrew Thornton <art27@cantab.net>
---
 routers/api/v1/api.go     | 1 +
 routers/routes/install.go | 1 +
 routers/routes/web.go     | 1 +
 3 files changed, 3 insertions(+)

diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index 5656730608..f3efd67bb3 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -557,6 +557,7 @@ func Routes() *web.Route {
 		Gclifetime:     setting.SessionConfig.Gclifetime,
 		Maxlifetime:    setting.SessionConfig.Maxlifetime,
 		Secure:         setting.SessionConfig.Secure,
+		SameSite:       setting.SessionConfig.SameSite,
 		Domain:         setting.SessionConfig.Domain,
 	}))
 	m.Use(securityHeaders())
diff --git a/routers/routes/install.go b/routers/routes/install.go
index 18e74f005f..2a2c8f1d2b 100644
--- a/routers/routes/install.go
+++ b/routers/routes/install.go
@@ -94,6 +94,7 @@ func InstallRoutes() *web.Route {
 		Gclifetime:     setting.SessionConfig.Gclifetime,
 		Maxlifetime:    setting.SessionConfig.Maxlifetime,
 		Secure:         setting.SessionConfig.Secure,
+		SameSite:       setting.SessionConfig.SameSite,
 		Domain:         setting.SessionConfig.Domain,
 	}))
 
diff --git a/routers/routes/web.go b/routers/routes/web.go
index cc65ad6d9f..6d91eb1b3c 100644
--- a/routers/routes/web.go
+++ b/routers/routes/web.go
@@ -161,6 +161,7 @@ func WebRoutes() *web.Route {
 		Gclifetime:     setting.SessionConfig.Gclifetime,
 		Maxlifetime:    setting.SessionConfig.Maxlifetime,
 		Secure:         setting.SessionConfig.Secure,
+		SameSite:       setting.SessionConfig.SameSite,
 		Domain:         setting.SessionConfig.Domain,
 	}))