Bug #21445: JSESSIONID cookie should have a SameSite policy - Rudder - Issue Tracker

Actions

Copy link

Bug #21445

closed

JSESSIONID cookie should have a SameSite policy

Added by Alexis Mousset almost 2 years ago. Updated 9 months ago.

Status:

Released

Priority:

N/A

Assignee:

Alexis Mousset

Category:

Security

Target version:

6.2.16

Pull Request:

https://github.com/Normation/rudder/p...

Severity:

UX impact:

User visibility:

Effort required:

Priority:

Name check:

To do

Fix check:

Checked

Regression:

Description

https://caniuse.com/mdn-http_headers_set-cookie_samesite_lax_default

Only some modern browsers have a default lax policy, we should provide one to prevent trivial CSRF against the internal API.

History
Notes
Property changes
Associated revisions

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Rudder

Custom queries

Bug #21445

JSESSIONID cookie should have a SameSite policy

Updated by Alexis Mousset almost 2 years ago

Updated by Alexis Mousset almost 2 years ago

Updated by Alexis Mousset almost 2 years ago

Updated by Alexis Mousset almost 2 years ago

Updated by Alexis Mousset almost 2 years ago

Updated by Alexis Mousset almost 2 years ago

Updated by Alexis Mousset almost 2 years ago

Updated by Alexis Mousset almost 2 years ago

Updated by Alexis Mousset 9 months ago