Issue cookies with the same-site flag
Cookies should have SameSite=None to allow wikis with custom domains (e.g. scp-wiki.net, kontainer.djkakt.us) to be accepted.
We’ll need to do more research for figuring out how exactly SameSite should be issued, especially as the codebase evolves. Lowering priority, will revisit later.
I was rereading the Chrome docs just now, and I think you only need to set SameSite if the cookie is for custom domains. So check if SNI matches the wikijump wildcard and do it based on that?
Though I don’t see a lot of downside to just always specifying the cookies must be SameSite=None; Secure? (or at least just the Secure flag)
I want to continue working with the finer details of my setsecurecookie() function to determine when you should be using the SameSite flag. I’ve been setting it everywhere and I’d like to tighten that scope a little.
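The host-based decision discussed in this thread, sketched as an added example; it is not part of the original issue and is not Wikijump's code. The domain `wikijump.example`, the function names, the use of the request host in place of SNI, and the choice of `SameSite=Lax` for platform hosts are all assumptions made for illustration.

```javascript
// Hypothetical placeholder for the platform's wildcard domain (*.wikijump.example).
const MAIN_DOMAIN = "wikijump.example";

// True when the request host is the platform domain or one of its subdomains.
// The leading "." in the suffix check keeps "evilwikijump.example" from matching.
function isPlatformHost(host) {
  const h = host.toLowerCase().replace(/:\d+$/, "").replace(/\.$/, "");
  return h === MAIN_DOMAIN || h.endsWith("." + MAIN_DOMAIN);
}

// Build a Set-Cookie header value, choosing SameSite from the request host.
function buildSessionCookie(name, value, host, isHttps) {
  // Reject characters that could split the header or inject extra attributes.
  if (!/^[\w-]+$/.test(name) || /[\s;,"\\]/.test(value)) {
    throw new Error("invalid cookie name or value");
  }
  const attrs = [`${name}=${value}`, "Path=/", "HttpOnly"];
  if (isPlatformHost(host)) {
    // Platform hosts: keep the tighter scope.
    attrs.push("SameSite=Lax");
    if (isHttps) attrs.push("Secure");
  } else {
    // Custom domains: browsers reject SameSite=None unless Secure is also set,
    // so refuse to issue the cookie over plain HTTP instead of emitting a
    // header that will be dropped.
    if (!isHttps) throw new Error("SameSite=None requires Secure (HTTPS)");
    attrs.push("SameSite=None", "Secure");
  }
  return attrs.join("; ");
}

// Constructed sample hosts; the custom domain is the one named in the issue.
for (const host of ["www.wikijump.example", "scp-wiki.net", "evilwikijump.example"]) {
  console.log(host, "->", buildSessionCookie("sid", "abc123", host, true));
}
```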