From f2fed797159d2cce393e125cee47eceb77d854d9 Mon Sep 17 00:00:00 2001
From: Peter Karman
Date: Fri, 14 Apr 2017 10:59:04 -0500
Subject: [PATCH] Revert SameSite=Strict cookie setting (#1372)

**Why**: Chrome continues to be buggy with SameSite=Strict so we are reverting to SameSite=Lax until we can rearchitect to avoid the bug.
---
 config/initializers/secure_headers.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/initializers/secure_headers.rb b/config/initializers/secure_headers.rb
index 0c50fa271b0..3b7b755c7f5 100644
--- a/config/initializers/secure_headers.rb
+++ b/config/initializers/secure_headers.rb
@@ -45,7 +45,7 @@
 secure: true, # mark all cookies as "Secure"
 httponly: true, # mark all cookies as "HttpOnly"
 samesite: {
- strict: true # mark all cookies as SameSite=Strict.
+ lax: true # mark all cookies as SameSite=Strict.
 },
 }
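Review bot: The added line's trailing comment still reads `# mark all cookies as SameSite=Strict.` while the value it annotates is now `lax: true`, so the comment contradicts the code it documents. Suggest `lax: true # mark all cookies as SameSite=Lax (Strict reverted for a Chrome bug, see #1372)` so the next reader knows the downgrade is deliberate and temporary. Because Lax still attaches cookies to top-level cross-site GET navigations, a one-line note that state-changing requests must continue to rely on the application's CSRF token rather than on the cookie attribute would help whoever later re-tightens this. The enclosing cookies/`samesite` configuration block starts before this hunk, so its header is not visible here.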