
Add support for SameSite cookies to CHF

    Details

    • Type: Improvement
    • Status: Resolved
    • Resolution: Fixed
    • Fix Version/s: 25.0.0, 24.0.13
    • Component/s: None

      Description

      SameSite cookies have been proposed as a mitigation against CSRF attacks. This attribute ensures that cookies are only ever sent on requests that originate in the same "site" (see the matching rules in the draft RFC) or are initiated directly by the user typing in an address/bookmark. While this attribute is currently only supported by Chrome and Opera, I understand that other browser vendors are working on implementations and it is likely to become part of the next HTTP Cookie spec.

      Adding this attribute to our cookies would add a major additional protection against CSRF attacks as cross-site requests would never have cookies added to them.
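The matching behaviour the description relies on, modelled as an added Python example (this is not CHF's code): a Set-Cookie builder that emits the attribute, and a function that decides whether a browser honouring SameSite=Strict or SameSite=Lax would attach the cookie to a given request. The registrable-domain check (last two labels) and the Request fields are simplifying assumptions of this example, not part of the spec text.

```python
from dataclasses import dataclass
from typing import Optional


def registrable_domain(host: str) -> str:
    # Assumption: treat the last two labels as the registrable domain.
    # A real implementation consults the Public Suffix List.
    return ".".join(host.lower().split(".")[-2:])


def same_site(initiator_host: str, target_host: str) -> bool:
    return registrable_domain(initiator_host) == registrable_domain(target_host)


@dataclass
class Request:
    initiator_host: Optional[str]  # None = user typed the URL / opened a bookmark
    target_host: str
    method: str = "GET"
    top_level_navigation: bool = False


def cookie_sent(same_site_attr: Optional[str], req: Request) -> bool:
    """True if a cookie carrying this SameSite value would be attached to req."""
    if req.initiator_host is None or same_site(req.initiator_host, req.target_host):
        return True  # same-site or user-initiated: always sent
    attr = (same_site_attr or "None").lower()
    if attr == "strict":
        return False  # never on any cross-site request
    if attr == "lax":
        # cross-site: only top-level navigations using a safe method,
        # which is exactly what a forged POST from another site is not
        return req.top_level_navigation and req.method.upper() in ("GET", "HEAD")
    return True  # absent / None: legacy behaviour, sent cross-site


def set_cookie_header(name: str, value: str, same_site: str = "Strict",
                      secure: bool = True, http_only: bool = True) -> str:
    """Build the Set-Cookie header value a server would emit for the cookie."""
    parts = [f"{name}={value}", "Path=/"]
    if secure:
        parts.append("Secure")
    if http_only:
        parts.append("HttpOnly")
    parts.append(f"SameSite={same_site}")
    return "; ".join(parts)


if __name__ == "__main__":
    forged = Request("evil.example", "app.example.com", method="POST")
    print(set_cookie_header("session", "abc123"))
    print("CSRF POST with Strict cookie sent:", cookie_sent("Strict", forged))
```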

    People

    • Assignee: Neil Madden
    • Reporter: Neil Madden