Open Dipesh8Bhatta opened 1 year ago
optimistic-updt
commented
1 year ago Hey There, Do you have an idea of how long this talk would be?
if 10min or less, would you be interested in doing it this month on the 29th? else if more than 10min would you be interested to do it in April meetup?
optimistic-updt
commented
1 year ago @Dipesh8Bhatta
optimistic-updt
commented
1 year ago @Dipesh8Bhatta heya, any news on that? would you want to do it next week?
Dipesh8Bhatta
commented
1 year ago Hi Kevin,
I am out of the country at the moment.
I will reach you out when I am back.
Thanks, Dipesh
On Mon, May 22, 2023, 9:53 AM Kevin Garcia-F @.***> wrote:
@Dipesh8Bhatta https://github.com/Dipesh8Bhatta heya, any news on that? whould you want to do it next week?
— Reply to this email directly, view it on GitHub https://github.com/rubyaustralia/melbourne-ruby/issues/198#issuecomment-1556332425, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABSFSQP4H6QZJHPXJ7OVLPLXHKTINANCNFSM6AAAAAAUF46VHY . You are receiving this because you were mentioned.Message ID: @.***>
From Rails 6.1, Rails.application.config.action_dispatch.cookies_same_site_protection has been added to it. It has :lax, :strict and :none as options. I believe :lax is as good as :strict in the context of security and in top of this :lax provides good user experience. I would like someone to discuss on this matter. And explain that :lax is not less in protecting cross-origin request than :strict.
I have read in medium: https://lilyreile.medium.com/rails-6-1-new-framework-defaults-what-they-do-and-how-to-safely-uncomment-them-c546b70f0c5e and couple of other sites about it.