Add samesite cookie options #16

Merged

techknowlogick merged 2 commits from :add-samesite into master 2020-11-12 04:27:16 +00:00

Conversation 4 Commits 2 Files Changed 4 +148 -6

zeripath commented 2020-11-11 19:11:42 +00:00

Contributor

Copy Link

Signed-off-by: Andrew Thornton art27@cantab.net

Signed-off-by: Andrew Thornton <art27@cantab.net>

zeripath force-pushed add-samesite from 81612d41a0 to a3fdc1d349 2020-11-11 20:30:24 +00:00 Compare

silverwind approved these changes 2020-11-11 20:40:03 +00:00

Dismissed

6543 commented 2020-11-11 20:54:03 +00:00

Contributor

Copy Link

this is not only Adding SameSite Cookie

this is not only Adding SameSite Cookie

silverwind commented 2020-11-11 21:03:39 +00:00

First-time contributor

Copy Link

Yes, this includes macaron_session encryption. When a Flash is set in macaron it will unavoidably roundtrip the flash content through a cookie to the client which is not really that great security-wise so it was remedied here.

I guess that part should at least be mentioned in the commit title or split off.

Yes, this includes macaron_session encryption. When a Flash is set in macaron it will unavoidably roundtrip the flash content through a cookie to the client which is not really that great security-wise so it was remedied here. I guess that part should at least be mentioned in the commit title or split off.

6543 commented 2020-11-11 21:06:24 +00:00

Contributor

Copy Link

I would prever a sepperate pull, so it could be easy cherry-picked to upstream ... just in case it will get merged at some point ... 1Y later ;)

I would prever a sepperate pull, so it could be easy cherry-picked to upstream ... just in case it will get merged at some point ... 1Y later ;)

zeripath force-pushed add-samesite from a47efe0858 to c7001f8530 2020-11-11 22:35:51 +00:00 Compare

zeripath force-pushed add-samesite from c7001f8530 to 7f7fe2ca0b 2020-11-11 22:38:30 +00:00 Compare

zeripath commented 2020-11-11 22:40:13 +00:00

Author

Contributor

Copy Link

You do realise how many conflicts that created?

In any case I haven't written it in such a way that it could be upstreamed without my current changes to macaron/macaron.

You do realise how many conflicts that created? In any case I haven't written it in such a way that it could be upstreamed without my current changes to macaron/macaron.

❤️ 1

6543 approved these changes 2020-11-11 22:43:13 +00:00

Dismissed

techknowlogick merged commit b8f62d7880 into master 2020-11-12 04:27:16 +00:00

techknowlogick referenced this issue from a commit 2020-11-12 04:27:16 +00:00

Add samesite cookie options (#16)

6543 deleted branch add-samesite 2020-11-12 14:25:29 +00:00

This repo is archived. You cannot comment on pull requests.

Reviewers

No reviewers

Labels

Clear labels   

kind/breaking

  

kind/bug

  

kind/deployment

  

kind/docs

  

kind/enhancement

  

kind/feature

  

kind/lint

  

kind/proposal

  

kind/question

  

kind/security

  

kind/testing

  

kind/translation

  

kind/ui

  

lgtm/done

  

lgtm/need

  

lgtm/need

  

priority/critical

  

priority/low

  

priority/maybe

  

priority/medium

  

refactor

  

reviewed/duplicate

  

reviewed/invalid

  

reviewed/wontfix

  

status/blocked

  

status/needs-feedback

  

status/wip

No Label

kind/breaking

kind/bug

kind/deployment

kind/docs

kind/enhancement

kind/feature

kind/lint

kind/proposal

kind/question

kind/security

kind/testing

kind/translation

kind/ui

lgtm/done

lgtm/need

lgtm/need

priority/critical

priority/low

priority/maybe

priority/medium

refactor

reviewed/duplicate

reviewed/invalid

reviewed/wontfix

status/blocked

status/needs-feedback

status/wip

Milestone

Clear milestone

No items

No Milestone

Assignees

Clear assignees

No Assignees

3 Participants

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: macaron/session#16

No description provided.