Greenbone Security Assistant HTTP Server - The server talking to the Greenbone Vulnerability Management daemon (gvmd).
GNU Affero General Public License v3.0
11 stars, 14 forks
Avoid cross origin forgery by using same-site cookie #109
Closed
timopollmeier closed 1 year ago
What: Only allow access to the session cookie from the same site and not for third parties. This avoids CSRF attacks like e.g. BREACH.
For more details please take a look at http://www.sjoerdlangkemper.nl/2016/04/14/preventing-csrf-with-samesite-cookie-attribute/
Why: This fix was missing in the main and stable branches after moving gsad from the gsa repository to its own.
How:
Checklist:
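A way to check a response for the attribute this pull request describes, as an added example that is not gsad's code: it parses a `Set-Cookie` header value and reports the declared SameSite policy. The function names and the sample cookie strings are hypothetical and constructed for illustration.

```c
#include <ctype.h>
#include <string.h>

enum samesite { SS_ABSENT, SS_NONE, SS_LAX, SS_STRICT, SS_INVALID };

/* Trim leading and trailing whitespace of the span [*s, *s + *n). */
static void trim(const char **s, size_t *n) {
    while (*n && isspace((unsigned char)**s)) { (*s)++; (*n)--; }
    while (*n && isspace((unsigned char)(*s)[*n - 1])) (*n)--;
}

/* Case-insensitive compare of a length-delimited token with a C string. */
static int tok_eq(const char *s, size_t n, const char *lit) {
    if (strlen(lit) != n) return 0;
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)s[i]) != tolower((unsigned char)lit[i])) return 0;
    return 1;
}

/* Return the SameSite policy declared in a Set-Cookie header value.
   Only attributes after the first ';' are inspected, so a cookie value that
   merely contains the text "SameSite" is not mistaken for the attribute.
   If the attribute is repeated, the last occurrence wins. */
enum samesite cookie_samesite(const char *set_cookie) {
    enum samesite result = SS_ABSENT;
    const char *p = strchr(set_cookie, ';');
    while (p) {
        const char *attr = p + 1, *end = strchr(attr, ';');
        size_t len = end ? (size_t)(end - attr) : strlen(attr);
        const char *eq = memchr(attr, '=', len);
        const char *name = attr, *val = "";
        size_t nlen = eq ? (size_t)(eq - attr) : len, vlen = 0;
        if (eq) { val = eq + 1; vlen = len - nlen - 1; }
        trim(&name, &nlen); trim(&val, &vlen);
        if (tok_eq(name, nlen, "SameSite")) {
            if (tok_eq(val, vlen, "Strict")) result = SS_STRICT;
            else if (tok_eq(val, vlen, "Lax")) result = SS_LAX;
            else if (tok_eq(val, vlen, "None")) result = SS_NONE;
            else result = SS_INVALID;
        }
        p = end;
    }
    return result;
}

/* True when the cookie is withheld from all cross-site requests (Strict)
   or from cross-site subrequests and POSTs (Lax). */
int session_cookie_is_same_site(const char *set_cookie) {
    enum samesite s = cookie_samesite(set_cookie);
    return s == SS_STRICT || s == SS_LAX;
}
```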