From c626cc80efa08189d8be2df43e5b9ed6e14aaeab Mon Sep 17 00:00:00 2001
From: Finn Bacall
Date: Thu, 29 Aug 2024 13:32:04 +0100
Subject: [PATCH] Use "Lax" for cookie "SameSite" restriction, otherwise OAuth2 does not work

...because the session resets after the redirect, and so the stored nonce/state is lost.
---
 config/initializers/session_store.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
index 22ce1f2cd..f02ff6de3 100644
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -1,3 +1,3 @@
 # Be sure to restart your server when you modify this file.
-opts = Rails.env.production? ? { same_site: :strict, secure: true } : {}
+opts = Rails.env.production? ? { same_site: :lax, secure: true } : {}
 Rails.application.config.session_store :cookie_store, **opts
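Review bot: The rationale for relaxing `same_site` from `:strict` to `:lax` lives only in the commit message, so the next person hardening this initializer is likely to flip it back and silently break the OAuth2 callback again; the `opts` line should carry it as a comment. With Lax the session cookie is sent on top-level cross-site GET navigations (which is exactly why the provider's redirect now works), so the cookie attribute no longer acts as a second layer against CSRF and the application's request-forgery protection rests on Rails' authenticity-token check alone — worth stating next to the setting so that check is not weakened elsewhere on the assumption that Strict still covers it. Suggested comment above the assignment: `# :lax, not :strict: the session must survive the top-level redirect back from the OAuth2 provider, otherwise the stored nonce/state is lost. CSRF protection therefore relies on the authenticity token, not on SameSite.`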