The-OAG-Development-Project / Application-Gateway

OWASP Application Gateway is an HTTP proxy that handles OAuth2 authentication and session management
https://owasp.org/www-project-application-gateway/
Apache License 2.0

CSRF Protection with samesite Cookie #18

Closed gianlucafrei closed 3 years ago

gianlucafrei commented 3 years ago

We should implement a CSRF protection mechanism with SameSite strict cookies. This way Nelly could offer a CSRF protection mechanism that requires no implementation in the application.

-> Create/change the CSRF cookie to SameSite strict
-> Validate if the cookie is present

See also the documentation on https://github.com/gianlucafrei/nellygateway/wiki/SecurityProfiles
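The mechanism proposed above (set the CSRF cookie with `SameSite=Strict`, then let the gateway refuse state-changing requests that arrive without it) as an added, self-contained Python example. This is not code from Nelly / the OWASP Application Gateway; the cookie name `csrf`, the helper names and the sample requests are assumptions constructed for illustration.

```python
"""
Minimal model of gateway-side CSRF protection via a SameSite=Strict cookie.

Added example, not the gateway's own code. Assumed names: CSRF_COOKIE_NAME,
issue_csrf_cookie(), csrf_check(). Requests are plain dicts, not real HTTP.
"""
import secrets
from typing import Dict, Mapping

CSRF_COOKIE_NAME = "csrf"          # assumed cookie name
SAFE_METHODS = frozenset({"GET", "HEAD", "OPTIONS"})  # no state change, no check


def issue_csrf_cookie(secure: bool = True) -> str:
    """Build the Set-Cookie header value the gateway would send after login.

    SameSite=Strict makes the browser omit this cookie on every cross-site
    request, so a forged POST from another origin arrives without it.
    """
    token = secrets.token_urlsafe(32)  # unpredictable, not tied to the session
    attrs = [f"{CSRF_COOKIE_NAME}={token}", "Path=/", "HttpOnly", "SameSite=Strict"]
    if secure:
        attrs.append("Secure")  # only over HTTPS in production
    return "; ".join(attrs)


def parse_cookie_header(header: str) -> Dict[str, str]:
    """Parse a request 'Cookie:' header ('a=1; b=2') into a dict."""
    cookies: Dict[str, str] = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name:
            cookies[name] = value
    return cookies


def csrf_check(method: str, headers: Mapping[str, str]) -> bool:
    """Return True if the request may be forwarded to the application.

    Safe methods always pass. State-changing methods pass only when the
    SameSite=Strict CSRF cookie is present and non-empty: its absence means
    the browser classified the request as cross-site (or the client never
    got the cookie), so the gateway rejects it without any app involvement.
    """
    if method.upper() in SAFE_METHODS:
        return True
    cookies = parse_cookie_header(headers.get("Cookie", ""))
    return bool(cookies.get(CSRF_COOKIE_NAME))


def demo() -> Dict[str, bool]:
    """Run constructed same-site and cross-site requests through the check."""
    set_cookie = issue_csrf_cookie()
    token = set_cookie.split(";")[0].split("=", 1)[1]
    same_site_post = {"Cookie": f"session=abc123; {CSRF_COOKIE_NAME}={token}"}
    cross_site_post = {"Cookie": "session=abc123"}  # Strict cookie withheld by browser
    return {
        "same_site_post": csrf_check("POST", same_site_post),
        "cross_site_post": csrf_check("POST", cross_site_post),
        "cross_site_get": csrf_check("GET", cross_site_post),
    }


if __name__ == "__main__":
    print(issue_csrf_cookie())
    print(demo())
```

Two caveats a deployer should keep in mind: the check only holds for clients that honour `SameSite`, so very old browsers are not covered, and `Strict` also withholds the cookie on a top-level navigation from an external link, which is why the check is limited to state-changing methods and `GET` is left alone.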

gianlucafrei commented 3 years ago

Implemented with version 0.3