From 49fcd2fc51100f684fed679f2ac9140671a88dcd Mon Sep 17 00:00:00 2001
From: Aleksandr Vishniakov
Date: Fri, 14 Aug 2020 09:21:52 +0200
Subject: [PATCH] VP-4168: Use Lax same site mode for XSRF-TOkEN cookie (#516)
---
 .../Filters/AngularAntiforgeryCookieResultFilter.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/VirtoCommerce.Storefront/Filters/AngularAntiforgeryCookieResultFilter.cs b/VirtoCommerce.Storefront/Filters/AngularAntiforgeryCookieResultFilter.cs
index 0d68230..7762ba3 100644
--- a/VirtoCommerce.Storefront/Filters/AngularAntiforgeryCookieResultFilter.cs
+++ b/VirtoCommerce.Storefront/Filters/AngularAntiforgeryCookieResultFilter.cs
@@ -30,7 +30,7 @@ public override void OnResultExecuting(ResultExecutingContext context)
 if (context.Result is ViewResult viewResult && statusCodeReExecuteFeature == null)
 {
 var tokens = antiforgery.GetAndStoreTokens(context.HttpContext);
- context.HttpContext.Response.Cookies.Append("XSRF-TOKEN", tokens.RequestToken, new CookieOptions() { HttpOnly = false, IsEssential = true });
+ context.HttpContext.Response.Cookies.Append("XSRF-TOKEN", tokens.RequestToken, new CookieOptions() { HttpOnly = false, IsEssential = true, SameSite = SameSiteMode.Lax });
 }
 }
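Review bot: The `CookieOptions` on the added `Cookies.Append` line still leaves `Secure` unset, so unless a cookie policy configured elsewhere (not visible in this hunk) forces it, the antiforgery request token can also travel over plain HTTP. Consider adding `Secure = context.HttpContext.Request.IsHttps` next to `SameSite = SameSiteMode.Lax`. `HttpOnly = false` looks deliberate, presumably because client script has to read the cookie to echo the token back, and a short comment such as `// Readable by script on purpose: the client copies this token into its request header` would keep it from being "hardened" by mistake later. OnResultExecuting begins before the hunk, so how `antiforgery` and `statusCodeReExecuteFeature` are obtained is not shown here.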