From 4457187a8655743d2c7d0c9e643fd91c29b4aaad Mon Sep 17 00:00:00 2001
From: Maxim Devaev
Date: Sun, 7 Jan 2024 23:41:43 +0200
Subject: [PATCH] Alternative for pikvm/kvmd#138: httponly=True, samesite=Strict
We don't use secure=True because there is a use case with disabled HTTPS.
Thanks @ssza
---
 kvmd/htserver.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kvmd/htserver.py b/kvmd/htserver.py
index df5a3123..2974feed 100644
--- a/kvmd/htserver.py
+++ b/kvmd/htserver.py
@@ -167,7 +167,7 @@ def make_json_response(
 )
 if set_cookies:
 for (key, value) in set_cookies.items():
- response.set_cookie(key, value)
+ response.set_cookie(key, value, httponly=True, samesite="Strict")
 return response
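Review bot: The `response.set_cookie(...)` call in the `for` loop still omits the `Secure` attribute on every deployment, including those that do serve HTTPS, so on those hosts the browser may still attach the cookie to a plain-HTTP request; the reason is given only in the commit message, not in the code. If the caller knows whether TLS is in use, a backward-compatible keyword on make_json_response (for example `secure_cookies: bool = False`, passed through as `secure=secure_cookies`) would let HTTPS installs opt in without breaking the HTTP-only setup. At minimum the rationale belongs next to the call: `# No secure=True: HTTPS can be disabled in some setups (pikvm/kvmd#138)`. `httponly=True` and `samesite="Strict"` now apply to every entry in `set_cookies`, which holds only as long as no cookie passed here has to be read by page script or sent on a cross-site navigation. The body of make_json_response starts above the hunk, so whether scheme information is already available there is not visible.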