From 83c56d82ec4bb97d5e9e2faccf00dd5ef169d517 Mon Sep 17 00:00:00 2001
From: Wilfredo Alcala
Date: Thu, 12 Jan 2023 15:10:01 -0400
Subject: [PATCH] modify cookies SameSite property (#84)

---
 api/handler/common.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/api/handler/common.go b/api/handler/common.go
index d1f710c3..c1699b63 100644
--- a/api/handler/common.go
+++ b/api/handler/common.go
@@ -56,7 +56,7 @@ func SetJWTCookie(c echo.Context, jwt service.JWT) error {
 cookie.Value = jwt.Token
 // cookie.HttpOnly = true // due the short expiration time it is not needed to be http only
 cookie.Expires = jwt.ExpAt // we want the cookie to expire at the same time as the token
- cookie.SameSite = http.SameSiteLaxMode
+ cookie.SameSite = http.SameSiteNoneMode
 cookie.Path = "/" // Send cookie in every sub path request
 cookie.Secure = !IsLocalEnv() // in production allow https only
 c.SetCookie(cookie)
@@ -70,7 +70,7 @@ func SetRefreshTokenCookie(c echo.Context, refresh service.RefreshTokenResponse)
 cookie.Value = refresh.Token
 cookie.HttpOnly = true
 cookie.Expires = refresh.ExpAt // we want the cookie to expire at the same time as the token
- cookie.SameSite = http.SameSiteLaxMode
+ cookie.SameSite = http.SameSiteNoneMode
 cookie.Path = "/login/" // Send cookie only in /login path request
 cookie.Secure = !IsLocalEnv() // in production allow https only
 c.SetCookie(cookie)
@@ -107,7 +107,7 @@ func DeleteAuthCookies(c echo.Context) error {
 cookie.Name = "refresh_token"
 cookie.Value = ""
 cookie.Expires = time.Now()
- cookie.SameSite = http.SameSiteLaxMode
+ cookie.SameSite = http.SameSiteNoneMode
 cookie.Path = "/login/" // Send cookie only in refresh path request
 cookie.Secure = !IsLocalEnv()
 c.SetCookie(cookie)
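Review bot: Setting `cookie.SameSite = http.SameSiteNoneMode` in SetJWTCookie makes the browser attach the JWT to every cross-site request, so the CSRF mitigation that Lax provided is gone; the same change is made in SetRefreshTokenCookie and DeleteAuthCookies. Nothing visible in these hunks adds a compensating control, so state-changing handlers and the `/login/` refresh route should verify the `Origin` header or a CSRF token before trusting the cookie. If the frontend is only on a sibling subdomain of the API, Lax may already be enough, because SameSite is evaluated per site rather than per origin. The JWT cookie also has `HttpOnly` commented out on the context line above, so the token is script-readable as well as sent cross-site. I would record the reason next to the assignment, for example `// SameSite=None: frontend is served from another site; CSRF is handled by <mechanism>`; the function bodies start and end outside the hunks.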
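Review bot: In SetRefreshTokenCookie the new `SameSite=None` is paired with `cookie.Secure = !IsLocalEnv()` two lines below, so whenever IsLocalEnv() is true the cookie is emitted as `SameSite=None` without `Secure`, which Chromium-based browsers reject outright; the same pairing occurs in SetJWTCookie and DeleteAuthCookies. In that environment the refresh and JWT cookies would silently not be stored, and the expiring cookie sent on logout would be ignored. Keeping Lax for the insecure case avoids this, e.g. adding `if IsLocalEnv() { cookie.SameSite = http.SameSiteLaxMode }` after the assignment. IsLocalEnv is defined outside the diff, so this assumes it marks plain-HTTP development.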