Commons / COMMONS-220

Add support for SameSite cookies to CHF

Details

    • Type: Improvement
    • Status: Resolved
    • Resolution: Fixed
    • 25.0.0, 24.0.13

Description

    SameSite cookies have been proposed as a mitigation against CSRF attacks. This attribute ensures that cookies are only ever sent on requests that originate in the same "site" (see the matching rules in the draft RFC) or are initiated directly by the user typing in an address/bookmark. While this attribute is currently only supported by Chrome and Opera, I understand that other browser vendors are working on implementations and it is likely to become part of the next HTTP Cookie spec.

    Adding this attribute to our cookies would provide a major additional protection against CSRF attacks, since cross-site requests would never have cookies attached to them.
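The matching decision the description refers to, as an added example that is not part of this issue or of CHF itself: a small Python model of how a browser decides whether a cookie carrying the SameSite attribute is attached to a request, alongside rendering and parsing the attribute in a Set-Cookie header. The site comparison is simplified to the last two host labels (a real implementation consults the Public Suffix List), the Lax behaviour follows the later drafts of the spec, and all URLs and cookie values are constructed for the demonstration.

```python
from urllib.parse import urlsplit

# Safe methods per RFC 7231; SameSite=Lax lets a cookie ride along only on
# cross-site top-level navigations that use one of these.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}


def registrable_domain(host):
    """Simplified registrable domain: the last two labels of the host.
    A real browser consults the Public Suffix List instead (assumption:
    no multi-label public suffixes such as co.uk appear in the input)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def same_site(url_a, url_b):
    """Two URLs are 'same-site' when their registrable domains match.
    (The original draft compared registrable domains only; later drafts
    also require the scheme to match. This model compares the domain only.)"""
    return registrable_domain(urlsplit(url_a).hostname) == \
        registrable_domain(urlsplit(url_b).hostname)


def cookie_attached(same_site_mode, request_url, initiator_url, method,
                    top_level_navigation):
    """Return True if a cookie with the given SameSite mode is sent on a
    request to request_url that was initiated from initiator_url.
    initiator_url=None models the user typing an address or using a bookmark."""
    if initiator_url is None or same_site(request_url, initiator_url):
        return True                      # not a cross-site request at all
    mode = (same_site_mode or "none").lower()
    if mode == "none":
        return True                      # no SameSite restriction
    if mode == "strict":
        return False                     # never on cross-site requests
    # Lax: cross-site only on top-level navigations with a safe method,
    # which excludes the hidden-form POST that CSRF relies on.
    return top_level_navigation and method.upper() in SAFE_METHODS


def build_set_cookie(name, value, same_site_mode="Lax", path="/",
                     secure=True, http_only=True):
    """Render a Set-Cookie header value that carries the SameSite attribute."""
    parts = [f"{name}={value}", f"Path={path}"]
    if secure:
        parts.append("Secure")
    if http_only:
        parts.append("HttpOnly")
    if same_site_mode:
        parts.append(f"SameSite={same_site_mode}")
    return "; ".join(parts)


def parse_same_site(set_cookie_value):
    """Extract the SameSite attribute value from a Set-Cookie header, or None."""
    for attr in set_cookie_value.split(";")[1:]:
        key, _, val = attr.strip().partition("=")
        if key.lower() == "samesite":
            return val.strip().capitalize()
    return None


if __name__ == "__main__":
    # Constructed scenario: a forged cross-site POST to a state-changing
    # endpoint, a legitimate same-site POST, and a top-level link from
    # another site.
    header = build_set_cookie("session", "abc123", "Lax")
    mode = parse_same_site(header)
    print(header)
    scenarios = [
        ("forged POST from evil.example", "https://bank.example/transfer",
         "https://evil.example/", "POST", False),
        ("same-site POST", "https://bank.example/transfer",
         "https://www.bank.example/form", "POST", False),
        ("top-level GET link from evil.example", "https://bank.example/account",
         "https://evil.example/", "GET", True),
    ]
    for label, req, init, meth, top in scenarios:
        print(f"{label}: cookie attached = "
              f"{cookie_attached(mode, req, init, meth, top)}")
```

The model makes the trade-off between the two modes visible: Strict drops the cookie on every cross-site request, including a user following a link into the application, while Lax keeps that navigation working but still withholds the cookie from the cross-site POST that a CSRF page would issue.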

People

    neil.madden Neil Madden