bbangert / beaker

WSGI middleware for sessions and caching
https://beaker.readthedocs.org/

Set SameSite option on session cookies #158

Closed alex closed 6 years ago

alex commented 6 years ago

Documented here: https://blog.mozilla.org/security/2018/04/24/same-site-cookies-in-firefox-60/

Currently supported in Firefox and Chromium; it provides strong defense in depth against CSRF.

alex commented 6 years ago

Assuming there's interest, I'm happy to add support.

amol- commented 6 years ago

That sounds like a very good idea.

I think a proposed implementation should act in "Lax" mode and support a way to disable it / switch to Safe.

If you are willing to provide a PR I'll gladly review and merge it.
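
The behaviour requested in this thread (a `Lax` default with a way to turn it off), sketched as an added example that is not part of the thread and is not Beaker's code or API: a generic WSGI wrapper that appends `SameSite` to one named cookie. The class name, the `cookie_name`/`mode` parameters, the cookie name `session.id` and the demo app are assumptions made for illustration.

```python
# Added example: generic WSGI wrapper, not Beaker's implementation.
VALID_MODES = ("Lax", "Strict")


def _has_samesite(cookie_value):
    """True if the Set-Cookie value already carries a SameSite attribute."""
    attrs = cookie_value.split(";")[1:]  # skip the leading name=value pair
    return any(a.strip().lower().split("=")[0] == "samesite" for a in attrs)


class SameSiteMiddleware:
    """Append SameSite=<mode> to one named cookie set by the wrapped app."""
    def __init__(self, app, cookie_name, mode="Lax"):
        if mode is not None and mode not in VALID_MODES:
            raise ValueError("unsupported SameSite mode: %r" % (mode,))
        self.app = app
        self.cookie_name = cookie_name  # hypothetical: the session cookie's name
        self.mode = mode                # None disables the rewrite

    def _rewrite(self, headers):
        out = []
        for name, value in headers:
            if (self.mode and name.lower() == "set-cookie"
                    and value.split("=", 1)[0].strip() == self.cookie_name
                    and not _has_samesite(value)):
                value = "%s; SameSite=%s" % (value.rstrip("; "), self.mode)
            out.append((name, value))
        return out

    def __call__(self, environ, start_response):
        def patched(status, headers, exc_info=None):
            return start_response(status, self._rewrite(headers), exc_info)
        return self.app(environ, patched)


def demo_app(environ, start_response):
    # Constructed sample app: sets a session cookie and an unrelated one.
    start_response("200 OK", [
        ("Content-Type", "text/plain"),
        ("Set-Cookie", "session.id=abc123; Path=/; HttpOnly"),
        ("Set-Cookie", "theme=dark; Path=/"),
    ])
    return [b"ok"]


def collect_headers(app):
    seen = []  # headers the app passed to start_response
    list(app({"REQUEST_METHOD": "GET"}, lambda s, h, e=None: seen.extend(h)))
    return seen
```

Only the named cookie is rewritten, and a cookie that already carries a `SameSite` attribute is left as the application set it.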