Alternative for pikvm/kvmd#138: httponly=True, samesite=Strict

We don't use secure=True because there is a use case with disabled HTTPS. Thanks @ssza
2026-01-29 00:51:53 +08:00 · 2024-01-07 23:41:43 +02:00
parent 98ff56e190
commit 4457187a86
1 changed files with 1 additions and 1 deletions
--- a/kvmd/htserver.py
+++ b/kvmd/htserver.py
@@ -167,7 +167,7 @@ def make_json_response(
    )
    if set_cookies:
        for (key, value) in set_cookies.items():
-            response.set_cookie(key, value)
+            response.set_cookie(key, value, httponly=True, samesite="Strict")
    return response