From fe41d445481c3b08c5fe34bd86f18982cabd4a4f Mon Sep 17 00:00:00 2001
From: Sebastian Serth
Date: Fri, 2 Sep 2022 19:08:01 +0200
Subject: [PATCH] Use SameSite strict for cookies
---
 config/initializers/session_store.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
index 57edb098..55ea37a8 100644
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -6,4 +6,5 @@ Rails.application.config.session_store :cookie_store,
 key: '_code_ocean_session',
 expire_after: 1.month,
 secure: Rails.env.production? || Rails.env.staging?,
- path: Rails.application.config.relative_url_root
+ path: Rails.application.config.relative_url_root,
+ same_site: :strict
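Review bot: `same_site: :strict` withholds the session cookie on every cross-site request, including top-level navigations, so a user who follows an external link or returns from a cross-site redirect reaches the app without a session. Nothing in the hunk shows whether such entry points exist, so that should be confirmed before deploying. If they do, `same_site: :lax` still sends the cookie on top-level GET navigations while keeping it off cross-site subrequests and POSTs; a flow that comes back via a cross-site POST is covered by neither value. A comment above the option would record the intent, e.g. `# Strict: never sent cross-site; defence in depth alongside CSRF tokens, not a replacement for them`. The `session_store` call starts on the line before the hunk, so only its trailing options are visible here.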