-
**Feature Description**
I need a feature to set the cookie SameSite attribute to Strict, Lax, or None,
to prevent CSRF.
-
**Describe the bug**
When logging in, in a development Volto (current master), Firefox 117 reports the following in the development console:
```
Cookie “auth_token” does not have a proper “SameS…
```
-
# Shared notes
Starting with Google Chrome version 80, a new cookie policy was announced
- The default value of the cookie SameSite attribute changed from "None" to "Lax"
# Related material
- https://seob.dev/posts/%EB%B8%8C%EB%9D%BC%EC%9A%B0%EC%A0%80-%EC%BF%A0%ED%82%A4%EC%99%80-SameSite-%EC%86%8D%…
-
`SameSite` attribute cannot be specified using `Response.SetCookie()` (`System.Net.Cookie` doesn't have the field). I've also checked `HttpListenerResponse.AppendSetCookieHeader`.
Side-notes:
Fire…
-
**Describe the bug** \
Authentication saved as "authType: cookie" does not set SameSite value.
This gives a warning:
```
Cookie “_auth” does not have a proper “SameSite” attribute value. Soon, coo…
```
-
I might be missing something but I have not yet found a reason why we cannot set `SameSite=Strict` on the Rails session cookie. This is a very minor security win but will likely tick some lower priori…
-
I saw this was initially covered in #36, but I think it's worth revisiting now.
https://github.com/WICG/cookie-store/blob/9a100293eb01c0828fea16d266ea6d410ef6934f/index.bs#L497
The default `Same…
-
If I have a website that I want to allow framing by trusted third-parties (via CSP frame-ancestors), I can't use SameSite cookies to prevent CSRF attacks. This is unfortunate as it limits adoption of …
-
## Describe the bug
The response of
```sh
curl -i 'https://demo.dspace.org/server/api/security/csrf'
```
contains the `set-cookie` header with `DSPACE-XSRF-COOKIE` twice:
```sh
HTTP/2 …
```
-
So the readme is incomplete, there are more parameters required.
```
CSRF_SECRET_KEY=123
COOKIE_SAMESITE=none
COOKIE_SECURE=true
```
Removing from the pyproject uvicorn and using `fastapi = …