From 00b2433cec49e5491323204371397d72a4b3c721 Mon Sep 17 00:00:00 2001
From: Amine Saboni <43726203+SaboniAmine@users.noreply.github.com>
Date: Sun, 13 Jul 2025 16:46:58 +0200
Subject: [PATCH] Potential fix for code scanning alert no. 14: Failure to use secure cookies
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 carbonserver/carbonserver/api/routers/authenticate.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/carbonserver/carbonserver/api/routers/authenticate.py b/carbonserver/carbonserver/api/routers/authenticate.py
index 47cd43252..58e698dd2 100644
--- a/carbonserver/carbonserver/api/routers/authenticate.py
+++ b/carbonserver/carbonserver/api/routers/authenticate.py
@@ -118,7 +118,8 @@ async def get_login(
 SESSION_COOKIE_NAME,
 res.json()["access_token"],
 httponly=True,
- secure=False,
+ secure=True,
+ samesite='Lax',
 )
 return response
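Review bot: `secure=True` is now hard-coded on the session cookie in `get_login`, so a deployment served over plain HTTP on a non-localhost origin will have the browser drop the cookie and the login will silently not stick. If such setups exist, take the flag from a deployment setting that defaults to true rather than reverting to `False`. The new `samesite='Lax'` should work at runtime, but if this is Starlette's `set_cookie` the parameter is annotated with lowercase literals, and the neighbouring code uses double quotes, so `samesite="lax",` is the consistent spelling. The context line `res.json()["access_token"]` still writes the token endpoint's reply into the cookie without a visible status or key check, which this commit does not touch. The body of `get_login` starts and ends outside the hunk.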