BC-8974 change session cookie same site to lax

there is logic that encodes the oauth state into the sseion for thr and moin schule, thus when logging in the session info gets lost for the second request from a redirect (sorry hard to explain)
hpi-schul-cloud · Feb 18, 2025 · fbe89b3 · fbe89b3
1 parent 4faad58
commit fbe89b3
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/config/default.schema.json b/config/default.schema.json
@@ -281,7 +281,7 @@
 		},
 		"SESSION_COOKIE_SAME_SITE": {
 			"type": "string",
-			"default": "strict",
+			"default": "lax",
 			"description": "express-session cookie samesite attribute"
 		},
 		"COOKIE": {