-
The SameSite attribute prevents cookies from being sent on cross-site requests.
Spring Security's CSRF token basically prevents CSRF attacks.
Setting the SameSite attribute is effective as a complementary measure that further strengthens CSRF defense.
Even if the CSRF token were disabled, or an attacker tried to bypass the CSRF token by some means, SameS…
-
**Describe the issue**
When samesite is set to strict, the redirect back is wrong despite authentication being successful.
https://login.microsoftonline.com/kmsi (status 200) redirects me to htt…
-
## Description
**SameSite Cookie High-Level Overview:**
- This SameSite attribute restricts a browser from sending a cookie in various requests.
- In Open Liberty, SameSite is enabled via the ser…
-
I've searched the repo and read through https://github.com/fedidcg/FedCM/issues/212 and https://github.com/fedidcg/FedCM/issues/248 but I'm still confused about the SameSite=none requirement.
[Last…
-
**Expected behavior**
Login without errors
**Actual behavior**
The cookie "sanctum.token.cookie" was rejected because a non-HTTPS cookie cannot be set as "secure".
**### On Login and can…
-
# Issue summary
Because [`sameSite: lax`](https://github.com/Shopify/shopify-api-js/blob/6b7bd64bc4f311b1fe3c7c4075d548eee3c7cd94/lib/auth/oauth/oauth.ts#L70), the cookies are not being set by the …
-
I'm currently facing a very disturbing error which I was able to replicate on multiple instances and which all lead to a bug in the session manager.
Whenever the cookie is set to SameSiteStrictMode…
-
[Lax + POST mitigation](https://www.chromium.org/updates/same-site/faq/#q-what-is-the-lax-post-mitigation) as well as the following Spring Security tickets:
* https://github.com/spring-projects/spr…
-
When hitting DAV endpoints:
`curl -v https://xxx.org/remote.php/dav`
The returned WWW-Authenticate doesn't contain the Bearer scheme:
```
< HTTP/1.1 401 Unauthorized
< Date: Sun, 08 Sep 2024 13:15:0…
```
-
The [SameSite attribute section](https://github.com/privacycg/CHIPS?tab=readme-ov-file#samesite-attribute) seems like it was written at a time when only cross-site (A embeds B) Partitioned cookies wer…