This prohibits the cookie from being sent along in cross-site sub-requests or when the user navigates to a different site.
Signed-off-by: Max Carrara <[email protected]> --- PVE/APIClient/LWP.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/PVE/APIClient/LWP.pm b/PVE/APIClient/LWP.pm index ed7e4fe..722b35a 100755 --- a/PVE/APIClient/LWP.pm +++ b/PVE/APIClient/LWP.pm @@ -89,7 +89,7 @@ sub update_ticket { $self->{ticket} = $ticket; my $encticket = uri_escape($ticket); - my $cookie = "$self->{cookie_name}=$encticket; path=/; secure;"; + my $cookie = "$self->{cookie_name}=$encticket; path=/; secure; SameSite=Strict;"; $agent->default_header('Cookie', $cookie); } -- 2.39.2 _______________________________________________ pve-devel mailing list [email protected] https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
