SameSite prevents the browser from sending this cookie along with cross-site requests. The main goal is to mitigate the risk of cross-origin information leakage. It also provides some protection against cross-site request forgery attacks. Possible values for the flag are lax or strict.
RFC - https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00
The RFC does say that "Updates: 6265 (if approved)". I'm not sure about the policy if we follow. Do we not make changes until 6265 gets updated?
OWASP - https://www.owasp.org/index.php/SameSite
caniuse.com still shows a bit of red in places. But I guess it will be a good addition to applications which are security focused.
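To illustrate what the lax and strict values described in this issue mean in practice, here is an added example (not part of the original issue or of this project's code) that models the browser-side decision. The function name, the request fields and the scenarios are assumptions made for the illustration, and the request is assumed to be already classified as same-site or cross-site.

```javascript
// Added example: simplified model of a browser deciding whether to attach a
// cookie to an outgoing request, based on the cookie's SameSite value.
// Assumption: the caller has already classified the request as same-site or
// cross-site (real browsers compare registrable domains to do this).
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS', 'TRACE']);

function shouldSendCookie(sameSite, request) {
  const mode = (sameSite || '').toLowerCase();
  if (!request.crossSite) return true;   // same-site request: always sent
  if (mode === 'strict') return false;   // strict: never sent cross-site
  if (mode === 'lax') {
    // lax: sent cross-site only for top-level navigations with a safe method
    return request.topLevelNavigation &&
           SAFE_METHODS.has(request.method.toUpperCase());
  }
  return true;                           // no SameSite flag: not restricted here
}

// Constructed scenarios (hypothetical, for illustration only).
const SCENARIOS = {
  sameSiteFormPost:   { crossSite: false, method: 'POST', topLevelNavigation: true },
  crossSiteLinkClick: { crossSite: true,  method: 'GET',  topLevelNavigation: true },
  crossSiteFormPost:  { crossSite: true,  method: 'POST', topLevelNavigation: true },
  crossSiteImageLoad: { crossSite: true,  method: 'GET',  topLevelNavigation: false },
};

// Returns, for one SameSite value, which scenarios would carry the cookie.
function evaluate(sameSite) {
  const result = {};
  for (const [name, request] of Object.entries(SCENARIOS)) {
    result[name] = shouldSendCookie(sameSite, request);
  }
  return result;
}

for (const mode of [undefined, 'Lax', 'Strict']) {
  console.log(mode || '(unset)', evaluate(mode));
}
```

The cross-site form POST is the classic CSRF shape: it carries the cookie only when the flag is unset, while a followed link from another site still carries a lax cookie but not a strict one.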