From 77085efd87405c5a13baf4b6c88fac3e0625a9e5 Mon Sep 17 00:00:00 2001
From: fatchan <tom@69420.me>
Date: Mon, 1 Jul 2019 09:58:16 +0000
Subject: [PATCH] strict samesite instead of lax

---
 models/pages/captcha.js | 2 +-
 server.js               | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/models/pages/captcha.js b/models/pages/captcha.js
index 1ccb724f..e58d071d 100644
--- a/models/pages/captcha.js
+++ b/models/pages/captcha.js
@@ -19,7 +19,7 @@ module.exports = async (req, res, next) => {
 			'maxAge': 5*60*1000, //5 minute cookie
 			'httpOnly': true,
 			'secure': true,
-			'sameSite': 'lax'
+			'sameSite': 'strict'
 		})
 		.redirect(`/captcha/${captchaId}.jpg`);
 
diff --git a/server.js b/server.js
index d82bb382..b31a7bd9 100644
--- a/server.js
+++ b/server.js
@@ -42,7 +42,7 @@ const express = require('express')
 		cookie: {
 			httpOnly: true,
 			secure: true,
-			sameSite: 'lax',
+			sameSite: 'strict',
 		}
 	}));