From 3dd083fc1c9fefbce8ee201a6bf9f6c46133ef7e Mon Sep 17 00:00:00 2001
From: Tulir Asokan <tulir@maunium.net>
Date: Fri, 18 Oct 2024 01:44:56 +0300
Subject: [PATCH] server: fix isUserFetch check

---
 cmd/gomuks/server.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/cmd/gomuks/server.go b/cmd/gomuks/server.go
index 0cccee1..394856e 100644
--- a/cmd/gomuks/server.go
+++ b/cmd/gomuks/server.go
@@ -171,7 +171,9 @@ func (gmx *Gomuks) Authenticate(w http.ResponseWriter, r *http.Request) {
 }
 
 func isUserFetch(header http.Header) bool {
-	return header.Get("Sec-Fetch-Site") == "none" &&
+	return (header.Get("Sec-Fetch-Site") == "none" ||
+		header.Get("Sec-Fetch-Site") == "same-site" ||
+		header.Get("Sec-Fetch-Site") == "same-origin") &&
 		header.Get("Sec-Fetch-Mode") == "navigate" &&
 		header.Get("Sec-Fetch-Dest") == "document" &&
 		header.Get("Sec-Fetch-User") == "?1"