From 59ecc6a933e08e3d860fcbbb281f487d32a8ef1c Mon Sep 17 00:00:00 2001
From: guqing <i@guqing.email>
Date: Fri, 18 Oct 2024 11:30:15 +0800
Subject: [PATCH] fix: language preference is not remembered under non-HTTPS
 connections

---
 .../infra/webfilter/LocaleChangeWebFilter.java   | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/application/src/main/java/run/halo/app/infra/webfilter/LocaleChangeWebFilter.java b/application/src/main/java/run/halo/app/infra/webfilter/LocaleChangeWebFilter.java
index 1da379c13e..d4bd8e661f 100644
--- a/application/src/main/java/run/halo/app/infra/webfilter/LocaleChangeWebFilter.java
+++ b/application/src/main/java/run/halo/app/infra/webfilter/LocaleChangeWebFilter.java
@@ -45,15 +45,19 @@ public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
                     .getFirst(LANGUAGE_PARAMETER_NAME);
                 if (StringUtils.hasText(language)) {
                     var locale = Locale.forLanguageTag(language);
-                    exchange.getResponse()
-                        .addCookie(ResponseCookie.from(LANGUAGE_COOKIE_NAME, locale.toLanguageTag())
-                            .path("/")
-                            .secure(true)
-                            .build()
-                        );
+                    setLanguageCookie(exchange, locale);
                 }
             })
             .then(Mono.defer(() -> chain.filter(exchange)));
     }
 
+    void setLanguageCookie(ServerWebExchange exchange, Locale locale) {
+        var cookie = ResponseCookie.from(LANGUAGE_COOKIE_NAME, locale.toLanguageTag())
+            .path("/")
+            .httpOnly(true)
+            .secure("https".equalsIgnoreCase(exchange.getRequest().getURI().getScheme()))
+            .sameSite("Lax")
+            .build();
+        exchange.getResponse().getCookies().set(LANGUAGE_COOKIE_NAME, cookie);
+    }
 }