17202: Use explicit SameSite=Lax for 303-with-cookie.
author Tom Clegg <tom@tomclegg.ca>
Wed, 9 Dec 2020 14:34:14 +0000 (09:34 -0500)
committer Tom Clegg <tom@tomclegg.ca>
Wed, 9 Dec 2020 14:34:14 +0000 (09:34 -0500)
commit 2c8b44cdaefa4434eadbbe2cb24dabac8cc3bfa9
tree d0a7d157f84a686f97f45fefa9d6c5a2da797449
parent 8d39d92808607b59f2335c1251c480ac56ba7016

This improves XSS protection on some browsers, including Safari and
Firefox for Android.

On most browsers, Lax is already the default.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite

Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@tomclegg.ca>
services/keep-web/handler.go