Set SameSite to LAX for OidcCookie

trinodb · May 30, 2024 · 3014fd1 · 3014fd1
1 parent fa86c26
commit 3014fd1
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/gateway-ha/src/main/java/io/trino/gateway/ha/security/OidcCookie.java b/gateway-ha/src/main/java/io/trino/gateway/ha/security/OidcCookie.java
@@ -22,7 +22,7 @@
 
 import static com.google.common.base.Preconditions.checkState;
 import static io.trino.gateway.ha.resource.LoginResource.CALLBACK_ENDPOINT;
-import static jakarta.ws.rs.core.NewCookie.SameSite.STRICT;
+import static jakarta.ws.rs.core.NewCookie.SameSite.LAX;
 
 public class OidcCookie
 {
@@ -42,7 +42,7 @@ public static NewCookie create(String state, String nonce)
                 .value(String.join(DELIMITER, state, nonce))
                 .path(CALLBACK_ENDPOINT)
                 .maxAge(TOKEN_EXPIRATION_SECOND)
-                .sameSite(STRICT)
+                .sameSite(LAX)
                 .secure(true)
                 .httpOnly(true)
                 .build();
@@ -71,7 +71,7 @@ public static NewCookie delete()
                 .value("delete")
                 .path(CALLBACK_ENDPOINT)
                 .maxAge(0)
-                .sameSite(STRICT)
+                .sameSite(LAX)
                 .secure(true)
                 .httpOnly(true)
                 .build();