Siecje / nginx-auth-proxy

Authentication for multiple services using nginx
BSD 2-Clause "Simplified" License

Samesite cookies #6

Open Siecje opened 6 years ago

Siecje commented 6 years ago

I believe same-site will prevent single sign-on from working but will still have multiple services share users and passwords. Users will have to log in to each application.

https://github.com/pallets/flask/blob/master/docs/security.rst

SameSite cookies are not supported by Flask, but there are PRs for Werkzeug and Flask.

https://github.com/pallets/werkzeug/pulls?utf8=%E2%9C%93&q=is%3Aopen%20samesite

Firefox doesn't support samesite cookies. https://caniuse.com/#search=samesite

Siecje commented 1 year ago

Flask and Firefox now support samesite cookies.

Werkzeug released support for SameSite cookies on 2017-12-31 with version 0.14.

Firefox has supported same-site cookies since version 60 released on 2018-05-08.