Include "SameSite=Lax" with all set cookies.

This prevents FixMyStreet cookies from being sent from third-party <img>s and the like, in supporting browsers.
author: Matthew Somerville <matthew-github@dracos.co.uk> 2018-01-04 13:10:35 +0000
committer: Matthew Somerville <matthew-github@dracos.co.uk> 2018-01-04 15:32:24 +0000
commit: a9932722b4cf2103d35f8f4c23ad2918aad0a96c (patch)
tree: 15124df09ba70b16a645cc9dd403d4f0f99ee481 /t/app/engine.t
parent: 3af2658153e35599c50a51c3a85a05e0e365e071 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/t/app/engine.t b/t/app/engine.t
new file mode 100644
index 000000000..d99c5e087
--- /dev/null
+++ b/t/app/engine.t
@@ -0,0 +1,9 @@
+use FixMyStreet::Test;
+
+use Catalyst::Test 'FixMyStreet::App';
+
+my $res = request("/?_override_foo=bar");
+
+like $res->headers->header('Set-Cookie'), qr/SameSite=Lax/;
+
+done_testing;
author	Matthew Somerville <matthew-github@dracos.co.uk>	2018-01-04 13:10:35 +0000
committer	Matthew Somerville <matthew-github@dracos.co.uk>	2018-01-04 15:32:24 +0000
commit	a9932722b4cf2103d35f8f4c23ad2918aad0a96c (patch)
tree	15124df09ba70b16a645cc9dd403d4f0f99ee481 /t/app/engine.t
parent	3af2658153e35599c50a51c3a85a05e0e365e071 (diff)