From: Tom Hughes <tom@compton.nu>
Date: Mon, 17 May 2021 17:39:22 +0000 (+0100)
Subject: Default rails generated cookies to SameSite=Lax
X-Git-Tag: live~1617
X-Git-Url: https://git.openstreetmap.org/rails.git/commitdiff_plain/84abb70f17d4e6087387f364d2c14503395054af

Default rails generated cookies to SameSite=Lax
---

diff --git a/config/initializers/new_framework_defaults_6_1.rb b/config/initializers/new_framework_defaults_6_1.rb
index dd27b5e20..f80d838e7 100644
--- a/config/initializers/new_framework_defaults_6_1.rb
+++ b/config/initializers/new_framework_defaults_6_1.rb
@@ -23,7 +23,7 @@ Rails.application.config.active_job.skip_after_callbacks_if_terminated = true
 #
 # This change is not backwards compatible with earlier Rails versions.
 # It's best enabled when your entire app is migrated and stable on 6.1.
-# Rails.application.config.action_dispatch.cookies_same_site_protection = :lax
+Rails.application.config.action_dispatch.cookies_same_site_protection = :lax
 
 # Generate CSRF tokens that are encoded in URL-safe Base64.
 #