From: Tom Hughes
Date: Mon, 17 May 2021 18:06:43 +0000 (+0100)
Subject: Mark javascript issued cookies with SameSite=Lax
X-Git-Tag: live~1608
X-Git-Url: https://git.openstreetmap.org/rails.git/commitdiff_plain/0a15112423ebe2b2fece82f94ee67e3416d1cecb
Mark javascript issued cookies with SameSite=Lax
---
diff --git a/app/assets/javascripts/index.js b/app/assets/javascripts/index.js
index 9305a5415..f0b96f59f 100644
--- a/app/assets/javascripts/index.js
+++ b/app/assets/javascripts/index.js
@@ -188,8 +188,7 @@ $(document).ready(function () {
 map.getLayersCode(),
 map._object);
- Cookies.remove("_osm_location");
- Cookies.set("_osm_location", OSM.locationCookie(map), { secure: true, expires: expiry, path: "/" });
+ Cookies.set("_osm_location", OSM.locationCookie(map), { secure: true, expires: expiry, path: "/", samesite: "lax" });
 });
 if (Cookies.get("_osm_welcome") !== "hide") {
@@ -198,7 +197,7 @@ $(document).ready(function () {
 $(".welcome .close").on("click", function () {
 $(".welcome").removeClass("visible");
- Cookies.set("_osm_welcome", "hide", { secure: true, expires: expiry, path: "/" });
+ Cookies.set("_osm_welcome", "hide", { secure: true, expires: expiry, path: "/", samesite: "lax" });
 });
 var bannerExpiry = new Date();
@@ -209,7 +208,7 @@ $(document).ready(function () {
 $("#banner").hide();
 e.preventDefault();
 if (cookieId) {
- Cookies.set(cookieId, "hide", { secure: true, expires: bannerExpiry, path: "/" });
+ Cookies.set(cookieId, "hide", { secure: true, expires: bannerExpiry, path: "/", samesite: "lax" });
 }
 });
diff --git a/app/assets/javascripts/index/directions.js b/app/assets/javascripts/index/directions.js
index 93024d0a9..18466864b 100644
--- a/app/assets/javascripts/index/directions.js
+++ b/app/assets/javascripts/index/directions.js
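Review bot: The attribute set `{ secure: true, expires: …, path: "/", samesite: "lax" }` is now written out by hand at every `Cookies.set` call in index.js (the hunks at -188, -198 and -209) and again in directions.js (-334), so a later call site can drop `secure` or `samesite` without anyone noticing. Keeping the fixed attributes in one new shared object would make the cookie policy a single edit, for example `var cookieAttributes = { secure: true, path: "/", samesite: "lax" };` and then `Cookies.set("_osm_welcome", "hide", $.extend({ expires: expiry }, cookieAttributes));`. If `Cookies` is js-cookie, its documented key is `sameSite`; the lowercase spelling works because cookie attribute names are case-insensitive, but the documented form is easier to search for. The `$(document).ready` body starts and ends outside these hunks.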
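Review bot: The cookie name in `Cookies.set(cookieId, "hide", …)` (hunk at -209) is a variable assigned outside the hunk, and it is written with `path: "/"`, so whatever string it holds becomes a site-wide cookie name. Where that value comes from is not visible here; if it is taken from page markup, the handler should write the cookie only for ids it expects. At minimum a comment above the call would record the constraint: `// cookieId becomes a site-wide cookie name (path "/"); only pass known banner ids.`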
@@ -334,7 +334,7 @@ OSM.Directions = function (map) {
 select.on("change", function (e) {
 chosenEngine = engines[e.target.selectedIndex];
- Cookies.set("_osm_directions_engine", chosenEngine.id, { secure: true, expires: expiry, path: "/" });
+ Cookies.set("_osm_directions_engine", chosenEngine.id, { secure: true, expires: expiry, path: "/", samesite: "lax" });
 getRoute(true, true);
 });
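Review bot: `_osm_directions_engine` stores `chosenEngine.id` in a cookie that page script and the user can rewrite, and nothing at this call documents that the value is untrusted when it is read back. The code that reads the cookie is outside the hunk; if it does not already do so, it should select an engine only when the stored value matches an `id` in `engines` and fall back to a default otherwise. A comment above the `Cookies.set` call would record this: `// Client-writable preference: validate against engines[].id when reading it back.` `samesite: "lax"` limits when the cookie is sent on cross-site requests; it does not make the stored value trustworthy.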