Mark Cookie SameSite as default (blank) over HTTP (!1029) · Merge requests · GitLab.org / gitlab-pages · GitLab

Sign in or sign up before continuing. Don't have an account yet? Register now to get started.

What does this MR do?

In this Gorilla Session change, they have marked cookie SameSite as none by default, which prevents cookie being sent over HTTP by Chrome.

So in this MR, we are setting Cookie SameSite as default (which is blank) over HTTP.

Related: gitlab#475008 (closed)

Changelog: fixed

TODO

Feature flag
- Added feature flag:
- This feature does not require a feature flag
I added the Changelog trailer to the commits that need to be included in the changelog (e.g. Changelog: added)
I added unit tests or they are not required
I added acceptance tests or they are not required
I added documentation (or it's not required)
I followed code review guidelines
I followed Go Style guidelines