  1. Dev - Nexus Repo
  2. NEXUS-22936

Use Strict SameSite Cookies

Details

    • Improvement
    • Resolution: Unresolved
    • Major
    • None
    • 3.21.1
    • Transport

    Description

      Web browsers have added a new flag for cookies which indicates that they should not be sent on cross-origin requests, which provides more protection against CSRF.

      We should add this to the session cookie, and to the CSRF cookie.
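
A check for the change requested above, written for this page as an added example; it is not part of the issue or of the Nexus code base. The cookie names `SESSION` and `CSRF-TOKEN` and the header values are constructed placeholders, not the product's real cookie names.

```python
# Added example: audit Set-Cookie headers for SameSite=Strict.
# Cookie names and header values below are constructed sample data.

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, attrs); attribute names are
    case-insensitive, flag attributes (Secure, HttpOnly) map to ''."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    if not parts:
        return "", {}
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_samesite(headers, required):
    """Return {cookie_name: finding} for each cookie named in `required`."""
    findings = {name: "cookie not set" for name in required}
    for header in headers:
        name, attrs = parse_set_cookie(header)
        if name not in findings:
            continue
        samesite = attrs.get("samesite")
        if samesite is None:
            findings[name] = "SameSite missing"
        elif samesite.lower() != "strict":
            findings[name] = "SameSite=%s, expected Strict" % samesite
        else:
            findings[name] = "ok"
    return findings


# Constructed headers: the flag absent or weaker, then the corrected form.
BEFORE = ["SESSION=abc123; Path=/; Secure; HttpOnly",
          "CSRF-TOKEN=0.42; Path=/; Secure; SameSite=Lax"]
AFTER = ["SESSION=abc123; Path=/; Secure; HttpOnly; samesite=strict",
         "CSRF-TOKEN=0.42; Path=/; Secure; SameSite=Strict"]
REQUIRED = ["SESSION", "CSRF-TOKEN"]

if __name__ == "__main__":
    print(audit_samesite(BEFORE, REQUIRED))
    print(audit_samesite(AFTER, REQUIRED))
```

Feed it the `Set-Cookie` values captured from a login response and the names of the session and CSRF cookies; anything other than `ok` means the cookie is still sent without the strict setting.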

          People

            Unassigned
            mpiggott Matthew Piggott
            Hajime Osako
            Votes: 1
            Watchers: 4
