Alternative for pikvm/kvmd#138: httponly=True, samesite=Strict

We don't use secure=True because there is a use case with disabled HTTPS. Thanks @ssza
2025-12-12 01:00:29 +08:00 · 2024-01-07 23:41:43 +02:00 · 2024-01-07 23:41:43 +02:00 · 4457187a86
commit 4457187a86
parent 98ff56e190
1 changed files with 1 additions and 1 deletions
--- a/kvmd/htserver.py
+++ b/kvmd/htserver.py
@ -167,7 +167,7 @@ def make_json_response(
    )
    if set_cookies:
        for (key, value) in set_cookies.items():
-            response.set_cookie(key, value)
+            response.set_cookie(key, value, httponly=True, samesite="Strict")
    return response