Add samesite cookie options #16
No reviewers
Labels
No Label
kind/breaking
kind/bug
kind/deployment
kind/docs
kind/enhancement
kind/feature
kind/lint
kind/proposal
kind/question
kind/security
kind/testing
kind/translation
kind/ui
lgtm/done
lgtm/need
lgtm/need
priority/critical
priority/low
priority/maybe
priority/medium
refactor
reviewed/duplicate
reviewed/invalid
reviewed/wontfix
status/blocked
status/needs-feedback
status/wip
No Milestone
No Assignees
3 Participants
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: macaron/session#16
Loading…
Reference in New Issue
Block a user
No description provided.
Delete Branch ":add-samesite"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Signed-off-by: Andrew Thornton art27@cantab.net
81612d41a0
toa3fdc1d349
this is not only Adding SameSite Cookie
Yes, this includes macaron_session encryption. When a Flash is set in macaron it will unavoidably roundtrip the flash content through a cookie to the client which is not really that great security-wise so it was remedied here.
I guess that part should at least be mentioned in the commit title or split off.
I would prever a sepperate pull, so it could be easy cherry-picked to upstream ... just in case it will get merged at some point ... 1Y later ;)
a47efe0858
toc7001f8530
c7001f8530
to7f7fe2ca0b
You do realise how many conflicts that created?
In any case I haven't written it in such a way that it could be upstreamed without my current changes to macaron/macaron.