moonfire-nvr/server
Scott Lamb 560fe804d6 use SameSite=Lax instead of SameSite=Strict
To improve reliability of live streams (#59) on Safari.

Safari was dropping the cookie from websocket update requests.
(But it worked sometimes. I don't get why.) I saw folks on the Internet
thinking this related to HttpOnly:

*   https://developer.apple.com/forums/thread/104488
*   https://stackoverflow.com/q/47742807/23584

but I still see this behavior without HttpOnly. SameSite=Strict vs
SameSite=Lax appears to make a difference. Try that instead.
SameSite=Strict is pointless for us anyway as noted in a new comment.
Turning off HttpOnly would be more unfortunate security-wise.
2021-03-31 13:08:03 -07:00
..
base present signal days in API requests 2021-03-23 21:07:07 -07:00
db use SameSite=Lax instead of SameSite=Strict 2021-03-31 13:08:03 -07:00
src use SameSite=Lax instead of SameSite=Strict 2021-03-31 13:08:03 -07:00
Cargo.lock update lexical-core 0.7.4->0.7.5 2021-03-26 19:07:30 -07:00
Cargo.toml send keepalives on live.m4s 2021-03-25 23:11:08 -07:00