From 9ad07ad0ce43bb7b2be7944fb20043e040738021 Mon Sep 17 00:00:00 2001
From: "Willnow, Patrick"
Date: Wed, 16 Oct 2024 20:30:35 +0200
Subject: [PATCH] Add WEBUI_SESSION_COOKIE-settings missing from merge conflict
---
 backend/open_webui/utils/oauth.py | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/backend/open_webui/utils/oauth.py b/backend/open_webui/utils/oauth.py
index e15edc0a6..dc3130031 100644
--- backend/open_webui/utils/oauth.py
+++ backend/open_webui/utils/oauth.py
@@ -28,6 +28,7 @@ from open_webui.config import (
 OAUTH_ADMIN_ROLES, WEBHOOK_URL, JWT_EXPIRES_IN, AppConfig,
 )
 from open_webui.constants import ERROR_MESSAGES
+from open_webui.env import WEBUI_SESSION_COOKIE_SAME_SITE, WEBUI_SESSION_COOKIE_SECURE
 from open_webui.utils.misc import parse_duration
 from open_webui.utils.utils import get_password_hash, create_token
 from open_webui.utils.webhook import post_webhook
@@ -234,6 +235,8 @@ class OAuthManager:
 key="token",
 value=jwt_token,
 httponly=True, # Ensures the cookie is not accessible via JavaScript
+ samesite=WEBUI_SESSION_COOKIE_SAME_SITE,
+ secure=WEBUI_SESSION_COOKIE_SECURE,
 )

 # Redirect back to the frontend with the JWT token
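Review bot: The two keyword arguments added in the second hunk, `samesite=WEBUI_SESSION_COOKIE_SAME_SITE` and `secure=WEBUI_SESSION_COOKIE_SECURE`, pass environment-derived values straight into the cookie call with no validation visible in this diff. If `open_webui.env` hands back raw strings, a value such as "false" is truthy and would turn the Secure flag on against the operator's intent, and an unrecognised SameSite string would only surface when the cookie is written during login; confirm that the env module normalises the first to one of `lax`/`strict`/`none` and the second to a real `bool`. Browsers also reject `SameSite=None` unless the cookie is Secure, so that combination is worth refusing at startup or at least documenting beside these lines, for example `# SameSite=None is only honoured by browsers when secure=True`. The call these arguments belong to opens before the hunk, so its remaining arguments are not visible here.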