From 1f4eaeb3ae33ad88a4b07e664e2f8f8f1235bc6f Mon Sep 17 00:00:00 2001
From: Michael Auerswald
Date: Mon, 24 Oct 2022 15:05:30 +0200
Subject: [PATCH] fix(core): set JWT authentication token sameSite policy to lax (#4425)

set authentication token sameSite policy to lax
---
 packages/cli/src/UserManagement/auth/jwt.ts | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/packages/cli/src/UserManagement/auth/jwt.ts b/packages/cli/src/UserManagement/auth/jwt.ts
index 647e17617b..f660782ccf 100644
--- a/packages/cli/src/UserManagement/auth/jwt.ts
+++ b/packages/cli/src/UserManagement/auth/jwt.ts
@@ -63,5 +63,9 @@ export async function resolveJwt(token: string): Promise {
 
 export async function issueCookie(res: Response, user: User): Promise {
 const userData = issueJWT(user);
- res.cookie(AUTH_COOKIE_NAME, userData.token, { maxAge: userData.expiresIn, httpOnly: true });
+ res.cookie(AUTH_COOKIE_NAME, userData.token, {
+ maxAge: userData.expiresIn,
+ httpOnly: true,
+ sameSite: 'lax',
+ });
 }
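Review bot: The options object passed to `res.cookie` in `issueCookie` still omits `secure`, so the auth JWT can be sent over plain HTTP wherever the instance is reachable without TLS; `httpOnly` and `sameSite: 'lax'` do not cover that. Consider adding `secure: true` for HTTPS deployments, made conditional if plain-HTTP local installs must keep working (how that would be configured is not visible in this hunk). `'lax'` also still attaches the cookie to top-level cross-site GET navigations, so the CSRF benefit holds only if no GET route changes state. A comment such as `// lax: withheld on cross-site subrequests and POSTs, still sent on top-level GET navigation` above the option would record that assumption.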