hedgedoc

mirror of https://github.com/hedgedoc/hedgedoc.git synced 2024-09-20 16:08:48 -04:00

History

David Mehren e77e7b165a Set all cookies with sameSite: strict Modern browsers do not support (or will stop supporting) sameSite: none (or no sameSite attribute) without the Secure flag. As we don't want everyone to be able to make requests with our cookies anyway, this commit sets sameSite to strict. See https://developer.mozilla.org/de/docs/Web/HTTP/Headers/Set-Cookie/SameSite Signed-off-by: David Mehren <dmehren1@gmail.com>	2020-06-08 15:27:31 +02:00
..
constant.ejs	linkifyHeaderStyle needs no string-ification; is already str.	2019-10-30 17:46:04 +01:00
login.js	Set all cookies with sameSite: strict	2020-06-08 15:27:31 +02:00

Modern browsers do not support (or will stop supporting) sameSite: none (or no sameSite attribute) without the Secure flag. As we don't want everyone to be able to make requests with our cookies anyway, this commit sets sameSite to strict. See https://developer.mozilla.org/de/docs/Web/HTTP/Headers/Set-Cookie/SameSite

Signed-off-by: David Mehren <dmehren1@gmail.com>

2020-06-08 15:27:31 +02:00

constant.ejs

linkifyHeaderStyle needs no string-ification; is already str.

2019-10-30 17:46:04 +01:00

Set all cookies with sameSite: strict

2020-06-08 15:27:31 +02:00