Add samesite cookie options #16
Yes, this includes macaron_session encryption. When a Flash is set in macaron it will unavoidably roundtrip the flash content through a cookie to the client which is not really that great security-wise so it was remedied here.
I guess that part should at least be mentioned in the commit title or split off.
I would prever a sepperate pull, so it could be easy cherry-picked to upstream ... just in case it will get merged at some point ... 1Y later ;)
You do realise how many conflicts that created?
In any case I haven't written it in such a way that it could be upstreamed without my current changes to macaron/macaron.
No due date set.
No dependencies set.
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?