Feel free to edit this to add items to the agenda, or post a comment if you are unable to edit.
Agenda
rust-lang/crates.io#2480 - I believe this is safe to merge, but due to the potential security implications I would like to allow a bit more time to reach consensus on this change.
Considering several changes to how our session cookie is handled:
Only send a Set-Cookie header if the session has been modified by the endpoint (conduit-rust/conduit-cookie#13)
Add SameSite=Strict to the cookie to ensure it is never sent in a CORS request (conduit-rust/conduit-cookie#14)
Add a Max-Age of 90 days to the cookie. We currently don't set any type of cookie expiration which means the browser may or may not keep the cookie across browser restarts. (Also conduit-rust/conduit-cookie#14)
PR review grab bag
Feel free to add PRs here if you're assigned but don't have time/expertise to get the review across the finish line. (Feel free to steal any work from this queue, even outside of normal meeting times.)