XenForo
Administrative
- Thread starter
- Admin
- #1
Why aren't the xf_user and xf_session cookies set to SameSite Lax? Assuming all forms are using POST then authentication cookies with the SameSite Lax value will not be sent for cross origin requests, eliminating the need for any anti-CSRF tokens at all.
Both Chrome and Firefox now automatically set cookies that don't specify a SameSite policy to SameSite Lax so I don't see why it isn't explicitly set?
www.chromium.org
[URL...
Read more
ادامه مطلب...
Both Chrome and Firefox now automatically set cookies that don't specify a SameSite policy to SameSite Lax so I don't see why it isn't explicitly set?
SameSite Updates - The Chromium Projects
Home of the Chromium Open Source Project[URL...
Read more
ادامه مطلب...