From 22f2dddfdf2e43042ceb4018f704ede0a02ef910 Mon Sep 17 00:00:00 2001
From: kylecarbs
Date: Mon, 25 Apr 2022 20:33:44 +0000
Subject: [PATCH] fix: Use Lax mode for OAuth redirect cookies
OAuthing was resulting in an error, because Strict cookies are not sent on redirects.
---
 coderd/httpmw/oauth2.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/coderd/httpmw/oauth2.go b/coderd/httpmw/oauth2.go
index c3e2e0f00519f..b61aa09e4990b 100644
--- coderd/httpmw/oauth2.go
+++ coderd/httpmw/oauth2.go
@@ -71,7 +71,7 @@ func ExtractOAuth2(config OAuth2Config) func(http.Handler) http.Handler {
 Value: state,
 Path: "/",
 HttpOnly: true,
- SameSite: http.SameSiteStrictMode,
+ SameSite: http.SameSiteLaxMode,
 })
 // Redirect must always be specified, otherwise
 // an old redirect could apply!
@@ -80,7 +80,7 @@ func ExtractOAuth2(config OAuth2Config) func(http.Handler) http.Handler {
 Value: r.URL.Query().Get("redirect"),
 Path: "/",
 HttpOnly: true,
- SameSite: http.SameSiteStrictMode,
+ SameSite: http.SameSiteLaxMode,
 })
 http.Redirect(rw, r, config.AuthCodeURL(state, oauth2.AccessTypeOffline), http.StatusTemporaryRedirect)
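Review bot: Nothing at the changed `SameSite` line of the state cookie records why Lax is required, so a later hardening pass could flip it back to Strict and break login again; add a comment such as `// Lax, not Strict: the provider's callback is a cross-site top-level redirect, and Strict cookies are withheld from it.` The same comment belongs on the redirect cookie in the second hunk. Separately, the fields visible here (`Value`, `Path`, `HttpOnly`, `SameSite`) include neither `Secure` nor `MaxAge`, so the state cookie appears to be a session cookie that may also be sent over plain HTTP; if deployments always terminate TLS, consider `Secure: true` and a short `MaxAge`. The cookie literal opens above the hunk, so confirm those fields are not already set there.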
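Review bot: The redirect cookie in the second hunk stores `r.URL.Query().Get("redirect")` verbatim, and per the commit message the Lax setting is what lets it reach the callback, so its consumer must not treat it as a trusted target. That consumer is outside this hunk; if it hands the value to `http.Redirect` unchecked, an absolute or scheme-relative URL in the query would become an open redirect after login. Consider validating before the cookie is set and keeping only same-origin paths, for example `if u, err := url.Parse(redirect); err != nil || u.IsAbs() || u.Host != "" { redirect = "" }`, and also requiring the path to begin with a single `/`. A test that requests the login route with an off-site `redirect` value and asserts the stored cookie is empty would pin this down.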