From 32d6fe3273773c467de9159eb10cf3c2cf74de09 Mon Sep 17 00:00:00 2001
From: Chris Hines <chris.hines@monash.edu>
Date: Wed, 7 Aug 2019 10:46:11 +0800
Subject: [PATCH] make cookies SameSite=strict in the hopes that safari will
 start sending them

---
 TES/tes/apiendpoints.py  | 2 +-
 TWS/twsproxy/__init__.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/TES/tes/apiendpoints.py b/TES/tes/apiendpoints.py
index 76c8f34..16f401c 100644
--- a/TES/tes/apiendpoints.py
+++ b/TES/tes/apiendpoints.py
@@ -475,7 +475,7 @@ class CreateTunnel(Resource):
                    localbind=localbind, authtok=authtok)
         response = make_response("")
         response.mime_type = 'application/json'
-        response.set_cookie('twsproxyauth', authtok, httponly=True)
+        response.set_cookie('twsproxyauth', authtok, httponly=True,samesite='Strict')
         logger.debug('JobConnect.connect: connecting via redirect with cookie authtok set to  {}'.format(authtok))
         return response
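Review bot: The `logger.debug` context line directly after the changed `set_cookie` call still writes the raw `authtok` into the log, so the value that HttpOnly and SameSite protect in the browser is readable by anyone with access to debug logs. Log that the cookie was set without its value, e.g. `logger.debug('JobConnect.connect: connecting via redirect with cookie authtok set')`. The cookie is also issued without `secure=True`, and the hand-built `twsproxyauth2` header in TWS/twsproxy/__init__.py likewise has no `Secure` attribute. If both services are only meant to be reached over HTTPS, add it in both places, here as `response.set_cookie('twsproxyauth', authtok, httponly=True, secure=True, samesite='Strict')`. The enclosing method starts outside this hunk, so how `authtok` is generated is not visible here.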
 
diff --git a/TWS/twsproxy/__init__.py b/TWS/twsproxy/__init__.py
index da43556..23cf9d7 100644
--- a/TWS/twsproxy/__init__.py
+++ b/TWS/twsproxy/__init__.py
@@ -94,7 +94,7 @@ class TWSProxy(threading.Thread):
         initshutdown.clear()
         (header, bytessofar) = self.inittws(initshutdown)
         if self.authtok is not None:
-            replyheader = b'Set-Cookie: twsproxyauth2='+self.authtok+b' ; HttpOnly\r\n'
+            replyheader = b'Set-Cookie: twsproxyauth2='+self.authtok+b' ; HttpOnly; SameSite=Strict\r\n'
         else:
             replyheader = None
         insertafter = b'HTTP/1.1 200 OK\r\n'
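Review bot: The `replyheader` line splices `self.authtok` into the response header bytes without any check, so a token containing `\r\n` or `;` would inject extra headers or cookie attributes into the reply. Where the token comes from is not visible in this hunk; if it is not strictly server-generated, validate it before building the header, for example `if not re.fullmatch(rb'[A-Za-z0-9_\-]+', self.authtok): raise ValueError('bad authtok')`, with the character set adjusted to the real token format. The literal `b' ; HttpOnly...'` also leaves a space between the cookie value and the first `;`; writing `b'; HttpOnly; SameSite=Strict\r\n'` avoids depending on clients trimming it. The method containing these lines starts and ends outside the hunk.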
-- 
GitLab