metacrypt/internal/webserver/routes.go
Kyle Isom 02ee538213 Fix download cookie: SameSite Strict blocks cookie on POST redirect
SameSite=Strict prevents the browser from sending the auth cookie when
following a redirect from a cross-context POST (form submission) to a
GET. Changing to SameSite=Lax allows the cookie to be sent on top-level
navigations (including redirects), so the /pki/download/{token} handler
receives the auth cookie and serves the tgz.

Co-authored-by: Junie <junie@jetbrains.com>
2026-03-15 13:50:22 -07:00

23 KiB