From c80fe8eac492fdb820a1dbec781376186e6cd836 Mon Sep 17 00:00:00 2001
From: iou1name
Date: Sat, 15 Aug 2020 01:29:59 -0400
Subject: [PATCH] update buckler middleware

---
 buckler_flask.py | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/buckler_flask.py b/buckler_flask.py
index 0ed5429..2d2ee72 100644
--- a/buckler_flask.py
+++ b/buckler_flask.py
@@ -76,13 +76,15 @@ class BucklerSessionInterface(SessionInterface):
 session.cookies['userid'],
 max_age=30*24*60*60,
 secure=True,
- httponly=True)
+ httponly=True,
+ samesite='strict')
 response.set_cookie(
 'session',
 session.cookies['session'],
 max_age=30*24*60*60,
 secure=True,
- httponly=True)
+ httponly=True,
+ samesite='strict')
 
 
 class BucklerSession(dict, SessionMixin):
@@ -103,5 +105,10 @@ def require_auth():
 """
 if not hasattr(session, 'meta'):
 resp = redirect(config.buckler['login_url'])
- resp.set_cookie('redirect', request.url)
+ resp.set_cookie(
+ 'redirect',
+ request.url,
+ secure=True,
+ httponly=True,
+ samesite='strict')
 return resp
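Review bot: `samesite='strict'` on the `userid` and `session` cookies makes the browser withhold them on any top-level navigation that starts on another site, and nothing in the hunk records that trade-off. A user following an external link would arrive without a session and presumably hit the `require_auth` redirect. If `config.buckler['login_url']` is on a different registrable domain, the return from login is also cross-site, so it is worth confirming that flow does not loop. A comment above the first call would document the choice, for example `# SameSite=Strict: cookies are not sent on cross-site navigations; inbound links must re-authenticate`. The enclosing method starts above the hunk, so the first `set_cookie(` line is not visible here.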
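Review bot: The new flags protect the `redirect` cookie in transit and from script access, but its value is still `request.url`, which is built from the request's Host header and full query string and so is caller-influenced. Whatever reads this cookie after login (not visible in this patch) should check the target against the application's own origin or an allow-list before redirecting to it. Unlike the two session cookies, this one has no `max_age`, so a stale target survives for the whole browser session; a short lifetime such as `max_age=10*60,` (value chosen for illustration) would bound it. `require_auth` begins above the hunk, so only its tail is reviewed here.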