fix: allow oauth_state token to be cross-domain (#40)

External OIDC providers won’t work with the current setup.
This commit is contained in:
Peter Olds
2025-01-12 13:27:06 -08:00
committed by GitHub
parent 51f6391ded
commit 9a12dab600

View File

@@ -60,7 +60,8 @@ func OIDCLoginHandler(w http.ResponseWriter, r *http.Request) {
Value: state,
MaxAge: 300,
HttpOnly: true,
SameSite: http.SameSiteStrictMode,
SameSite: http.SameSiteNoneMode,
Secure: true,
Path: "/",
})