VRChat's API will be making a change soon. We'll be adding the SameSite=Lax attribute to our auth cookies. This is part of an effort to improve our CSRF protection.
Browsers for the most part already treat all cookies this way, but a handful don't. We don't expect this to affect many VRChat-related applications, but we wanted to let you know anyhow.
Additionally, we're going to start filtering requests based on the Origin and Referer headers. Leave those headers empty to avoid being impacted by this change.
Hello!
VRChat's API will be making a change soon. We'll be adding the
SameSite=Lax
attribute to our auth cookies. This is part of an effort to improve our CSRF protection.Browsers for the most part already treat all cookies this way, but a handful don't. We don't expect this to affect many VRChat-related applications, but we wanted to let you know anyhow.
Additionally, we're going to start filtering requests based on the
Origin
andReferer
headers. Leave those headers empty to avoid being impacted by this change.Thank you!