set samesite to strict

src/routes/api/v1/auth/login/+server.ts

@@ -24,7 +24,7 @@ export async function POST({ request, cookies }) {
 
 		const session = await createSession(user.id);
 
-		cookies.set(COOKIE, session.id, { path: '/' });
+		cookies.set(COOKIE, session.id, { path: '/', sameSite: 'strict' });
 
 		return json(
 			{

src/routes/api/v1/auth/register/+server.ts

@@ -19,7 +19,7 @@ export async function POST({ request, cookies }) {
 		const user = await createUser(username, email, password);
 		const session = await createSession(user.id);
 
-		cookies.set(COOKIE, session.id, { path: '/' });
+		cookies.set(COOKIE, session.id, { path: '/', sameSite: 'strict' });
 
 		return json(
 			{

svelte.config.js

@@ -4,7 +4,8 @@ import { vitePreprocess } from '@sveltejs/vite-plugin-svelte';
 /** @type {import('@sveltejs/kit').Config} */
 const config = {
 	kit: {
-		adapter: adapter()
+		adapter: adapter(),
+		csrf: { checkOrigin: false }
 	},
 	preprocess: vitePreprocess()
 };