
Cookie same-site (#2630)

* Set-Cookie SameSite

* https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00
* https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-02#section-5.3.7
* https://blog.mozilla.org/security/2018/04/24/same-site-cookies-in-firefox-60/
* https://blog.chromium.org/2019/10/developers-get-ready-for-new.html

Set to Lax instead of Strict to allow linking to FreshRSS sub-pages without having to log in again
Alexandre Alapetite 6 years ago
Parent
Commit
8b0f9fae9f
2 changed files with 2 additions and 1 deletion
  1. 1 1
      Docker/README.md
  2. 1 0
      p/.htaccess

+ 1 - 1
Docker/README.md

@@ -320,7 +320,7 @@ server {
 	# Other SSL stuff goes here
 
 	# Needed for Freshrss cookie/session :
-	proxy_cookie_path / "/; HTTPOnly; Secure";
+	proxy_cookie_path / "/; HTTPOnly; Secure; SameSite=Lax";
 
 	location / {
 		try_files $uri $uri/ =404;
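
Review bot: the new `proxy_cookie_path / "/; HTTPOnly; Secure; SameSite=Lax";` line attaches the attribute by rewriting the cookie's path, so it only reaches Set-Cookie headers that carry a Path attribute starting with `/`, and a cookie the upstream already marks with SameSite, HttpOnly or Secure ends up with that attribute twice. The README should say so next to the directive, and the comment `# Needed for Freshrss cookie/session :` could mention that the line now also sets the SameSite policy, and that it is Lax rather than Strict so that links into FreshRSS sub-pages keep the session, as the commit message explains.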

+ 1 - 0
p/.htaccess

@@ -37,4 +37,5 @@ AddDefaultCharset	UTF-8
 	<FilesMatch "\.(css|gif|html|ico|js|png|svg|woff|woff2)$">
 		Header	merge Cache-Control "public"
 	</FilesMatch>
+	Header edit Set-Cookie ^(.*)$ "$1; SameSite=Lax"
 </IfModule>
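
Review bot: the added `Header edit Set-Cookie ^(.*)$ "$1; SameSite=Lax"` matches every Set-Cookie value unconditionally, so a cookie that already carries a SameSite attribute (for example one the application deliberately sets to Strict or None) leaves the server with two conflicting SameSite attributes, and which one wins depends on the browser. Restrict the pattern to values that do not already contain `SameSite=`, and add a short comment above the line stating why Lax was chosen. Note also that this rule adds only SameSite, while the nginx example in Docker/README.md sets HTTPOnly and Secure as well; if that difference is intentional, it deserves a comment.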