From 75329296697f7dd1a8217733f4c542007d4b4a83 Mon Sep 17 00:00:00 2001
From: InfinityPacer <160988576+InfinityPacer@users.noreply.github.com>
Date: Thu, 10 Oct 2024 20:08:30 +0800
Subject: [PATCH] fix(security): update SameSite setting to Lax for better compatibility
---
 app/core/security.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/app/core/security.py b/app/core/security.py
index db73a306..c802c11b 100644
--- a/app/core/security.py
+++ b/app/core/security.py
@@ -130,8 +130,8 @@ def __set_or_refresh_resource_token_cookie(request: Request, response: Response,
 key=settings.PROJECT_NAME,
 value=resource_token,
 httponly=True,
- secure=request.url.scheme == "https",
- samesite="strict"
+ secure=request.url.scheme == "https", # 根据当前请求的协议设置 secure 属性
+ samesite="lax" # 不同浏览器对 "Strict" 的处理可能不同,设置 SameSite 为 "Lax",以平衡安全性和兼容性
 )
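Review bot: Dropping the resource-token cookie from `samesite="strict"` to `"lax"` means browsers will now attach it to top-level cross-site GET navigations, so any resource endpoint that changes state or discloses data on a plain GET becomes reachable from a cross-site link in a way `strict` prevented; the new comment should record that condition instead of the vague "browsers handle Strict differently" remark, e.g. `samesite="lax"  # Lax still withholds the cookie on cross-site POST/fetch/iframe but sends it on top-level GET navigation; acceptable only while GET resource routes are side-effect-free`. The `secure=request.url.scheme == "https"` line the commit keeps is derived from the request as the app sees it, so behind a TLS-terminating reverse proxy the scheme will presumably be `http` and the Secure flag is silently dropped unless forwarded-proto headers are trusted upstream — worth confirming for the deployment, or driving the flag from a settings value rather than the inbound scheme. The inline comments are in Chinese; if the rest of the module documents in English, an English comment here would keep the security rationale readable to every maintainer. The `response.set_cookie(...)` call and the enclosing `__set_or_refresh_resource_token_cookie` definition begin before the hunk.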