Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check cookies against a cross-site request [SameSite attribute] #776

Open
macbre opened this issue Sep 3, 2020 · 0 comments
Open

Check cookies against a cross-site request [SameSite attribute] #776

macbre opened this issue Sep 3, 2020 · 0 comments
Labels
security-metrics
Milestone
Roadmap

Comments

@macbre
Copy link
Owner

macbre commented Sep 3, 2020

Because a cookie's SameSite attribute was not set or is invalid, it defaults to SameSite=Lax, which prevents the cookie from being sent in a cross-site request. This behavior protects user data from accidentally leaking to third parties and cross-site request forgery.

Resolve this issue by updating the attributes of the cookie:

  • Specify SameSite=None and Secure if the cookie should be sent in cross-site requests. This enables third-party use.
  • Specify SameSite=Strict or SameSite=Lax if the cookie should not be sent in cross-site requests
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
security-metrics
Projects
None yet
Milestone
Roadmap
Development

No branches or pull requests
1 participant
@macbre