Merge pull request #125 from AllForNothing/fix/same-site

fix: add new setting item to disable/enable same site for session_id cookie
2025-12-08 17:32:27 +08:00 · 2025-09-16 10:09:59 +08:00
parent 518ec4fb9d 87c81b99dd
commit 6a8f4e6db1
3 changed files with 7 additions and 2 deletions
--- a/app/api/utils/common.ts
+++ b/app/api/utils/common.ts
@ -1,7 +1,7 @@
 import type { NextRequest } from 'next/server'
 import { ChatClient } from 'dify-client'
 import { v4 } from 'uuid'
-import { API_KEY, API_URL, APP_ID } from '@/config'
+import { API_KEY, API_URL, APP_ID, APP_INFO } from '@/config'

 const userPrefix = `user_${APP_ID}:`

@ -15,6 +15,9 @@ export const getInfo = (request: NextRequest) => {
 }

 export const setSession = (sessionId: string) => {
+    if (APP_INFO.disable_session_same_site)
+        return { 'Set-Cookie': `session_id=${sessionId}; SameSite=None; Secure` }
+
    return { 'Set-Cookie': `session_id=${sessionId}` }
 }

--- a/config/index.ts
+++ b/config/index.ts
@ -8,6 +8,7 @@ export const APP_INFO: AppInfo = {
  copyright: '',
  privacy_policy: '',
  default_language: 'en',
+  disable_session_same_site: false, // set it to true if you want to embed the chatbot in an iframe  
 }

 export const isShowPrompt = false
--- a/types/app.ts
+++ b/types/app.ts
@ -112,6 +112,7 @@ export interface AppInfo {
  default_language: Locale
  copyright?: string
  privacy_policy?: string
+  disable_session_same_site?: boolean  
 }

 export enum Resolution {