Merge pull request #125 from AllForNothing/fix/same-site

fix: add new setting item to disable/enable same site for session_id cookie

app/api/utils/common.ts

@@ -1,7 +1,7 @@
 import type { NextRequest } from 'next/server'
 import { ChatClient } from 'dify-client'
 import { v4 } from 'uuid'
-import { API_KEY, API_URL, APP_ID } from '@/config'
+import { API_KEY, API_URL, APP_ID, APP_INFO } from '@/config'
 
 const userPrefix = `user_${APP_ID}:`
 
@@ -15,7 +15,10 @@ export const getInfo = (request: NextRequest) => {
 }
 
 export const setSession = (sessionId: string) => {
-  return { 'Set-Cookie': `session_id=${sessionId}` }
+    if (APP_INFO.disable_session_same_site)
+        return { 'Set-Cookie': `session_id=${sessionId}; SameSite=None; Secure` }
+
+    return { 'Set-Cookie': `session_id=${sessionId}` }
 }
 
 export const client = new ChatClient(API_KEY, API_URL || undefined)

config/index.ts

@@ -8,6 +8,7 @@ export const APP_INFO: AppInfo = {
   copyright: '',
   privacy_policy: '',
   default_language: 'en',
+  disable_session_same_site: false, // set it to true if you want to embed the chatbot in an iframe  
 }
 
 export const isShowPrompt = false

types/app.ts

@@ -112,6 +112,7 @@ export interface AppInfo {
   default_language: Locale
   copyright?: string
   privacy_policy?: string
+  disable_session_same_site?: boolean  
 }
 
 export enum Resolution {