From 1e400df324949c4397f8e91a9025826608701dca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E4=B8=83=E6=B5=B7=E5=8D=83=E7=A7=8B?= <68492201+nanamicat@users.noreply.github.com>
Date: Sun, 16 Apr 2023 19:27:49 +0800
Subject: [PATCH] Set "SameSite=None" if CSRF Protection is disabled

PR #18843.
---
 src/webui/webapplication.cpp | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/webui/webapplication.cpp b/src/webui/webapplication.cpp
index ba24b9049..93d73e0f8 100644
--- a/src/webui/webapplication.cpp
+++ b/src/webui/webapplication.cpp
@@ -683,6 +683,8 @@ void WebApplication::sessionStart()
 QByteArray cookieRawForm = cookie.toRawForm();
 if (m_isCSRFProtectionEnabled)
 cookieRawForm.append("; SameSite=Strict");
+ else if (cookie.isSecure())
+ cookieRawForm.append("; SameSite=None");
 setHeader({Http::HEADER_SET_COOKIE, QString::fromLatin1(cookieRawForm)});
 }
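Review bot: The new `else if (cookie.isSecure())` branch makes the session cookie eligible for every cross-site request, and nothing in the hunk says that this is deliberate or what it costs. Before this change the cookie carried no SameSite attribute when CSRF protection was off, so current browsers applied their Lax default and still withheld it from cross-site POSTs and subresource requests; with `SameSite=None` that last browser-side barrier is gone, and whatever server-side checks `m_isCSRFProtectionEnabled` gates are presumably off too. I would add a comment above the branch, e.g. `// CSRF protection disabled: opt out of the browser's Lax default so cross-site clients can use the session; browsers accept SameSite=None only with Secure`, and mention the trade-off in the setting's description. Note also that over plain HTTP the attribute is still omitted, so the cookie stays Lax there and cross-site behaviour differs between HTTP and HTTPS deployments. sessionStart() begins outside the hunk, so how the Secure flag is set is not visible here.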