#3944 - Prevent CSRF via new 'samesite=lax' cookie option
| Identifier | #3944 |
|---|---|
| Issue type | Feature request or suggestion |
| Title | Prevent CSRF via new 'samesite=lax' cookie option |
| Status | Completed |
| Tags | Roadmap: v11 (custom), Type: Security (custom) |
| Handling member | Chris Graham |
| Addon | core |
| Description | There's a new 'samesite' cookie attribute, which can be used to reduce the potential for CSRF attacks. Make use of it for the session cookie. |
| Steps to reproduce | |
| Related to | |
| Funded? | No |