Change bot-check cookie to Lax because that only breaks cross-site navigations without providing any real securit ybenefit

2025-05-09 02:05:37 +00:00 · 2024-12-08 12:41:53 +11:00
parent 923957d0e7
commit 413deac66b
1 changed files with 3 additions and 3 deletions
--- a/src/lua/scripts/bot-check.lua
+++ b/src/lua/scripts/bot-check.lua
@@ -297,8 +297,8 @@ function _M.view(applet)
 								applet:add_header(
 									"set-cookie",
 									string.format(
-										--"_basedflare_pow=%s; Expires=%s; Path=/; Domain=.%s; SameSite=Strict; HttpOnly;%s",
-										"_basedflare_pow=%s; Expires=%s; Path=/; Domain=%s; SameSite=Strict; %s",
+										--"_basedflare_pow=%s; Expires=%s; Path=/; Domain=.%s; SameSite=Lax; HttpOnly;%s",
+										"_basedflare_pow=%s; Expires=%s; Path=/; Domain=%s; SameSite=Lax; %s",
 										combined_cookie,
 										expiry_date_p,
 										applet.headers['host'][0],
@@ -361,7 +361,7 @@ function _M.view(applet)
 				applet:add_header(
 					"set-cookie",
 					string.format(
-						"_basedflare_captcha=%s; Expires=%s; Path=/; Domain=%s; SameSite=Strict; HttpOnly;%s",
+						"_basedflare_captcha=%s; Expires=%s; Path=/; Domain=%s; SameSite=Lax; HttpOnly;%s",
 						combined_cookie,
 						expiry_date_c,
 						applet.headers['host'][0],