Verified Commit df4ac048 authored by Russ Garrett

Set session cookie to be `SameSite=Lax`

This avoids an "enable cookies and refresh 2 times to continue" error
which can't be bypassed after clicking a link from a different site to
a site protected by uffd-nginxauth.

In order for a `SameSite=Strict` cookie to be sent, there needs to be at
least one *user* navigation on the site first (clicking an external link
to the site and receiving a redirect doesn't count).

From MDN:

> [SameSite=Strict] should be used when you have cookies relating to
> functionality that will *always be behind an initial navigation*,
> such as authentication or storing shopping cart information.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#controlling_third-party_cookies_with_samesite
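To make the behaviour the commit message describes checkable offline, here is a small model of a browser's SameSite decision. It is an added example, not code from uffd or this commit: it encodes the cookie-attachment rules for `Strict`, `Lax` and `None` (same-site requests always carry the cookie; `Strict` never on cross-site; `Lax` only on cross-site top-level `GET`/`HEAD` navigations) and walks the "external link, then a redirect" chain. `Request`, `cookie_is_sent`, `follow_redirect_chain` and the `example.com`/`example.net` hosts are this example's own, and `site_of` uses a simplified registrable-domain rule rather than the public-suffix list.

```python
"""Model of a browser's SameSite cookie-attachment decision (added example).

Not part of uffd or of this commit. Encodes the SameSite rules the commit
message relies on so the redirect-after-external-link scenario and the CSRF
trade-off between Strict and Lax can be exercised without a browser.
"""
from dataclasses import dataclass
from urllib.parse import urlsplit


def site_of(url: str) -> str:
    # Simplification (assumption): the last two host labels are the
    # registrable domain. No public-suffix list, so fine for example.com
    # style hosts but wrong for e.g. co.uk.
    host = urlsplit(url).hostname or ""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


@dataclass
class Request:
    url: str                 # URL the request is sent to
    initiator: str           # page/site that caused the request
    method: str = "GET"
    top_level: bool = True   # top-level navigation vs. subresource/XHR/iframe


def cookie_is_sent(samesite: str, req: Request) -> bool:
    """Return True if a cookie with this SameSite value accompanies `req`."""
    same_site = site_of(req.url) == site_of(req.initiator)
    if same_site:
        return True               # any SameSite value: same-site always sends
    mode = samesite.lower()
    if mode == "none":
        return True               # cross-site always (browsers require Secure too)
    if mode == "strict":
        return False              # never on a cross-site request of any kind
    if mode == "lax":
        # Lax: cross-site only for top-level navigations with a safe method,
        # so a link click gets the cookie but a cross-site POST, <img>,
        # fetch() or iframe load does not.
        return req.top_level and req.method.upper() in ("GET", "HEAD")
    raise ValueError(f"unknown SameSite value {samesite!r}")


def follow_redirect_chain(samesite: str, initiator: str, chain: list[str]) -> list[bool]:
    """Cookie presence on each hop of a cross-site click followed by redirects.

    A server redirect does not change who initiated the navigation: the
    external page stays the initiator for every hop, so every hop is still
    cross-site. A Strict cookie is therefore missing on each hop (the
    "enable cookies and refresh" symptom), while a Lax cookie rides along
    with every GET hop.
    """
    return [cookie_is_sent(samesite, Request(url=u, initiator=initiator)) for u in chain]


if __name__ == "__main__":
    # Constructed scenario: user on other.example.net clicks a link to the
    # app, which answers with redirects into its auth flow and back.
    external = "https://other.example.net/page"
    hops = ["https://app.example.com/", "https://app.example.com/auth",
            "https://app.example.com/"]
    for mode in ("Strict", "Lax"):
        print(mode, follow_redirect_chain(mode, external, hops))
    # And the CSRF side of the trade-off: a cross-site form POST under Lax.
    print("Lax cross-site POST:",
          cookie_is_sent("Lax", Request("https://app.example.com/change",
                                        external, method="POST")))
```

Once the user has made one navigation on the app itself (initiator and target on the same site), the model sends the cookie under every mode, which is the "initial navigation" MDN describes for `Strict`. The `Lax` POST case shows what the `# CSRF protection` comment in the diff now rests on: cross-site form posts still arrive without the session, but cross-site `GET` navigations do not.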
parent b0291ac4
Merge request !7: Set session cookie to be `SameSite=Lax`
......@@ -11,4 +11,4 @@ OAUTH2_USERINFO_URL = 'http://localhost:5001/oauth2/userinfo'
# CSRF protection
SESSION_COOKIE_SECURE=True
SESSION_COOKIE_HTTPONLY=True
SESSION_COOKIE_SAMESITE='Strict'
SESSION_COOKIE_SAMESITE='Lax'
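Review bot: the `# CSRF protection` comment above these settings now describes a weaker guarantee than before, and nothing in the hunk says so. `Lax` attaches the session cookie to cross-site top-level `GET`/`HEAD` navigations (which is exactly what fixes the redirect-after-external-link case), so it only counts as CSRF protection if every state-changing endpoint rejects `GET`; cross-site `POST`, subresource requests (`<img>`, `fetch`) and cross-site iframes still receive no cookie. Suggest extending the comment, e.g. `# CSRF protection: Lax withholds the cookie on cross-site POST and subresources; keep state changes on POST`, or noting next to `SESSION_COOKIE_SAMESITE='Lax'` that a separate CSRF defence (token or `Origin` check) is relied on for any `GET` that mutates state.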