vikunja

mirror of https://github.com/go-vikunja/vikunja.git synced 2026-03-12 01:59:34 -05:00

Files

kolaente 530973c475 fix(auth): make SameSite=None conditional on HTTPS for refresh cookie

SameSite=None requires Secure=true per browser spec. When running over
plain HTTP (local dev, e2e tests), browsers reject or downgrade the
cookie, breaking session refresh. Fall back to SameSite=Lax for HTTP
while keeping SameSite=None for HTTPS (needed for the Electron desktop
app cross-origin scenario).

2026-03-03 10:41:19 +01:00

ldap

fix: use caller's session in LDAP syncUserGroups to avoid nested transactions

2026-02-25 11:03:02 +01:00

openid

fix: eliminate nested database sessions to prevent table locks

2026-02-25 11:03:02 +01:00

auth.go

fix(auth): make SameSite=None conditional on HTTPS for refresh cookie

2026-03-03 10:41:19 +01:00