git.arvados.org - arvados.git/commit

author	Tom Clegg <tom@tomclegg.ca>
	Wed, 9 Dec 2020 14:34:14 +0000 (09:34 -0500)
committer	Peter Amstutz <peter.amstutz@curii.com>
	Mon, 22 Feb 2021 19:02:35 +0000 (14:02 -0500)
commit	ec67645272eecd27cedd04d7a79062d5d8f02f98
tree	d60a9abe9aecb4479c04a7bce0a979d4406c19ca	tree \| snapshot
parent	ea3f1b8246c27a6a44edfc561f13935ef377c1cb	commit \| diff

17202: Use explicit SameSite=Lax for 303-with-cookie.

This improves XSS protection on some browsers, including Safari and
Firefox for Android.

On most browsers, Lax is already the default.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite

Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@tomclegg.ca>

services/keep-web/handler.go

diff | blob | history

RSS Atom