luci-base: add another magic security attribute to the sysauth cookie

Fixes: #3585
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 885c97da53)

modules/luci-base/luasrc/dispatcher.lua

@@ -514,7 +514,7 @@ function dispatch(request)
 				return
 			end
 
-			http.header("Set-Cookie", 'sysauth=%s; path=%s; HttpOnly%s' %{
+			http.header("Set-Cookie", 'sysauth=%s; path=%s; SameSite=Strict; HttpOnly%s' %{
 				sid, build_url(), http.getenv("HTTPS") == "on" and "; secure" or ""
 			})
 			http.redirect(build_url(unpack(ctx.requestpath)))