Revert SameSite=Strict cookie setting (#1372)

**Why**: Chrome continues to be buggy with SameSite=Strict so we are reverting to SameSite=Lax until we can rearchitect to avoid the bug.
18F · Apr 14, 2017 · f2fed79 · f2fed79
1 parent c078dde
commit f2fed79
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/config/initializers/secure_headers.rb b/config/initializers/secure_headers.rb
@@ -45,7 +45,7 @@
     secure: true, # mark all cookies as "Secure"
     httponly: true, # mark all cookies as "HttpOnly"
     samesite: {
-      strict: true # mark all cookies as SameSite=Strict.
+      lax: true # mark all cookies as SameSite=Strict.
     },
   }