Add SameSite-attribute to cfcookie

Description

I propose to add the sameSite attribute to the cfcookie tag. This cookie attribute will help to prevent Cross-Site Request Forgeries.
See: https://scotthelme.co.uk/csrf-is-dead/

Activity

Zac Spitzer
April 9, 2020, 11:34 AM

Can you add the ACF-compat label?

the new ACF syntax throws

David R.
April 9, 2020, 1:11 PM

samesite="Strict | Lax | None" and the “secure” options are very useful when setting cookies.
For now I add the Header string below to the httpd config, but doing this at the Lucee level would be better:
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure;SameSite=Strict
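
A check for the attributes this ticket is about, as an added example that is not part of the thread or of Lucee: it audits Set-Cookie header values for Secure, HttpOnly and SameSite, and flags a cookie that carries SameSite twice, which is what results when the application sets the attribute itself and an httpd rule like the one above appends it again. The function names and the sample headers are constructed for illustration.

```python
# Added example: audit Set-Cookie header values for the cookie attributes
# discussed in this ticket. The sample headers are constructed, not captured.
VALID_SAMESITE = {"strict", "lax", "none"}

def parse_set_cookie(header):
    """Split one Set-Cookie value into (cookie_name, [(attr_lower, value), ...])."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = []
    for part in parts[1:]:
        if part:
            key, _, value = part.partition("=")
            attrs.append((key.strip().lower(), value.strip()))
    return name, attrs

def audit_set_cookie(header):
    """Return a list of findings for one Set-Cookie header value."""
    name, attrs = parse_set_cookie(header)
    keys = [k for k, _ in attrs]
    findings = [f"{name}: missing {flag}"
                for flag in ("secure", "httponly") if flag not in keys]
    samesite = [v.lower() for k, v in attrs if k == "samesite"]
    if not samesite:
        findings.append(f"{name}: missing samesite")
        return findings
    if len(samesite) > 1:
        # Typical when both the application and a proxy rule add the attribute.
        findings.append(f"{name}: samesite set {len(samesite)} times")
    for value in sorted(set(samesite)):
        if value not in VALID_SAMESITE:
            findings.append(f"{name}: invalid samesite value '{value}'")
        elif value == "none" and "secure" not in keys:
            # Current browsers reject SameSite=None cookies that lack Secure.
            findings.append(f"{name}: samesite=none without secure")
    return findings

SAMPLE_HEADERS = [  # constructed examples
    "cfid=abc123; Path=/",
    "cfid=abc123; Path=/;HttpOnly;Secure;SameSite=Strict",
    "prefs=dark; Path=/; SameSite=None; HttpOnly",
    "sid=x; Path=/; SameSite=Lax;HttpOnly;Secure;SameSite=Strict",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(header, "->", audit_set_cookie(header) or "ok")
```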

 

Pothys - MitrahSoft
April 9, 2020, 1:35 PM

I added the label.

Mircea Botez
May 19, 2020, 5:02 PM

cleaned up the PR

Zac Spitzer
May 25, 2020, 12:28 PM

PR to enable samesite strict for the admin

Fixed

Assignee

Mircea Botez

Reporter

Mischa Sameli

Sprint

None

Fix versions

Priority

New