From 7b11645190f5be95481a7f6d2efac63871cd2e5d Mon Sep 17 00:00:00 2001
From: Thomas Lynch
Date: Thu, 25 Nov 2021 18:31:22 +1100
Subject: [PATCH] samesite strict and secure in hcaptcha script set-cookie
---
 src/scripts/hcaptcha.lua | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/scripts/hcaptcha.lua b/src/scripts/hcaptcha.lua
index 65ad42a..46c221a 100644
--- a/src/scripts/hcaptcha.lua
+++ b/src/scripts/hcaptcha.lua
@@ -124,7 +124,7 @@ function _M.view(applet)
 local floating_hash = utils.generate_secret(applet, hcaptcha_cookie_secret, true, nil)
 applet:add_header(
 "set-cookie",
- string.format("z_ddos_captcha=%s; expires=Thu, 31-Dec-37 23:55:55 GMT; Path=/", floating_hash)
+ string.format("z_ddos_captcha=%s; expires=Thu, 31-Dec-37 23:55:55 GMT; Path=/; SameSite=Strict; Secure=true;", floating_hash)
 )
 -- else
 -- core.Debug("HCAPTCHA FAILED: " .. json.encode(api_response))
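Review bot: The added `string.format` line writes the attribute as `Secure=true;`, but RFC 6265 defines `Secure` as a bare flag with no value. Browsers that follow the RFC parsing algorithm ignore the value, but stricter clients or intermediaries may not, so it should be written as plain `Secure`, without the trailing `;`. The header also still lacks `HttpOnly`, and this cookie appears to be what marks a client as having passed the captcha. Unless a page script reads `z_ddos_captcha` (not visible in this hunk), I would write `string.format("z_ddos_captcha=%s; expires=Thu, 31-Dec-37 23:55:55 GMT; Path=/; SameSite=Strict; Secure; HttpOnly", floating_hash)`. With `Secure` set, a client reaching the site over plain HTTP never stores the cookie and would presumably be re-challenged on every request, so it is worth confirming the frontend is TLS-only. `_M.view` starts and ends outside the hunk.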