Open Siecje opened 6 years ago
I believe same-site will prevent single sign on from working but will still have multiple services share users and passwords. Users will have to login to each application.
https://github.com/pallets/flask/blob/master/docs/security.rst
samesite cookies are not supported by Flask, but there are PR for Werkzeug and Flask.
https://github.com/pallets/werkzeug/pulls?utf8=%E2%9C%93&q=is%3Aopen%20samesite
Firefox doesn't support samesite cookies. https://caniuse.com/#search=samesite
Flask and Firefox now support samesite cookies.
Werkzeug released support for SameSite cookies on 2017-12-31 with version 0.14.
Firefox has supported same-site cookies since version 60 released on 2018-05-08.
I believe same-site will prevent single sign on from working but will still have multiple services share users and passwords. Users will have to login to each application.
https://github.com/pallets/flask/blob/master/docs/security.rst
samesite cookies are not supported by Flask, but there are PR for Werkzeug and Flask.
https://github.com/pallets/werkzeug/pulls?utf8=%E2%9C%93&q=is%3Aopen%20samesite
Firefox doesn't support samesite cookies. https://caniuse.com/#search=samesite