Hey guys,
I see that HttpOnly and Secure flags are configurable in the configuration section.
Would it be possible to add a switch for the SameSite cookie flag?
Thanks a lot and keep up the great work,
ArnCo
Could you please explain this or link to something that does?
Hey @hughbris,
Here is an explanation of what it does:
https://www.sjoerdlangkemper.nl/2016/04/14/preventing-csrf-with-samesite-cookie-attribute/
Basically, this is an additional protection against CSRF.
Cheers,
ArnCo

Guys, hello, I too can't find any option to set this cookie; maybe you have some advice? Thanks.
Hi @lovkiymusic,
For now I'm doing it directly on my Nginx server with the "proxy_cookie_path" directive.
Cheers,
ArnCo
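The reverse-proxy workaround mentioned above, sketched as an added example (not configuration posted by anyone in this thread). The backend address and the `Lax` value are assumptions; the thread does not say which SameSite value was used.

```nginx
location / {
    # Assumed backend address (placeholder): the application is reached
    # through proxy_pass, which is what makes proxy_cookie_path apply.
    proxy_pass http://127.0.0.1:8080;

    # proxy_cookie_path rewrites the Path attribute of each Set-Cookie
    # header returned by the backend. With a regex pattern the whole path
    # value is replaced, so capturing it and appending the attribute turns
    #   Set-Cookie: site-abc=...; path=/; secure; HttpOnly
    # into
    #   Set-Cookie: site-abc=...; path=/; SameSite=Lax; secure; HttpOnly
    # (the cookie name and value here are constructed for illustration).
    proxy_cookie_path ~^(.+) "$1; SameSite=Lax";

    # The plain form  proxy_cookie_path / "/; SameSite=Lax";  is a prefix
    # substitution: it is only correct for cookies whose Path is exactly "/".

    # Alternative on nginx 1.19.3 and later, which sets the flag directly
    # instead of piggybacking on Path. Use one approach, not both:
    # proxy_cookie_flags ~ samesite=lax;
}
```

A cookie sent without a Path attribute is not touched by `proxy_cookie_path`, so check the resulting `Set-Cookie` headers in the browser's developer tools. Remove the rewrite once the application sets SameSite itself, otherwise the attribute is emitted twice.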
+1
Would be great if we could set the samesite attribute for cookies in the system.yaml like the other attributes. Example:

```yaml
session:
  enabled: true
  initialize: true
  timeout: 1800
  name: site-
  uniqueness: path
  secure: true
  httponly: true
  split: true
  path: null
  samesite: true
```
See #3063
Looks like this can be closed, given the previous comment. Cheers :+1: