PerlDancer/Dancer-Session-Cookie

Cookie sameSite attribute

knutov opened this issue · 0 comments

Cookie “dancer.session” will be soon rejected because it has the “sameSite” attribute set to “none” or an invalid value, without the “secure” attribute. To know more about the “sameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite

I found the problem can be solved this way:

PERL_CPANM_OPT=" --notest " cpanm Dancer@1.3514_03

Add session_same_site: Strict to config.yml

Download to the local folder and edit Dancer::Session::Cookie.pm:

sub _cookie_params {
    my $self     = shift;
    my $name     = $self->session_name;
    my $duration = $self->_session_expires_as_duration;
    my %cookie   = (
        name      => $name,
        value     => $self->_cookie_value,
        path      => setting('session_cookie_path') || '/',
        domain    => setting('session_domain'),
        secure    => setting('session_secure'),
        http_only => setting("session_is_http_only") // 1, # <- changed
        same_site => setting("session_same_site"), # <- changed
    );
    if ( defined $duration ) {
        $cookie{expires} = time + $duration;
    }
    return %cookie;
}

Would you please make a new release with these changes, if they are OK?
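
To confirm that a change like the one above takes effect, the emitted Set-Cookie header can be checked for the condition named in the browser warning. The script below is an added example, not part of the issue or of the project's code; the sub names are hypothetical and the sample headers are constructed. It also flags a missing SameSite attribute, which goes beyond the warning quoted above.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Parse one Set-Cookie header value into (name, { lowercased attribute => value }).
sub parse_set_cookie {
    my ($header) = @_;
    my ( $pair, @attrs ) = split /\s*;\s*/, $header;
    my ($name) = split /=/, $pair, 2;
    my %attr;
    for my $item (@attrs) {
        my ( $key, $value ) = split /=/, $item, 2;
        next unless defined $key && length $key;
        # Flag attributes (Secure, HttpOnly) carry no value; record them as 1.
        $attr{ lc $key } = defined $value ? $value : 1;
    }
    return ( $name, \%attr );
}

# Return a list of findings about the SameSite/Secure combination of one header.
sub same_site_findings {
    my ($header) = @_;
    my ( $name, $attr ) = parse_set_cookie($header);
    my $same_site = $attr->{samesite};
    my @findings;
    if ( !defined $same_site ) {
        push @findings, "$name: no SameSite attribute";
    }
    elsif ( $same_site !~ /\A(?:Strict|Lax|None)\z/i ) {
        push @findings, "$name: invalid SameSite value '$same_site'";
    }
    elsif ( lc $same_site eq 'none' && !$attr->{secure} ) {
        push @findings, "$name: SameSite=None without Secure";
    }
    return @findings;
}

# Constructed sample headers (not captured from a real application).
my @samples = (
    'dancer.session=abc123; path=/; HttpOnly',
    'dancer.session=abc123; path=/; HttpOnly; SameSite=None',
    'dancer.session=abc123; path=/; HttpOnly; SameSite=Strict',
);
for my $header (@samples) {
    my @findings = same_site_findings($header);
    print "OK    $header\n" unless @findings;
    print "WARN  $_\n" for @findings;
}
```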