Add SameSite-attribute to cfcookie

Description

I propose to add the sameSite attribute to the cfcookie tag. This cookie attribute will help to prevent Cross-Site Request Forgeries.
See: https://scotthelme.co.uk/csrf-is-dead/

Activity

Show:

Zac Spitzer

April 9, 2020, 11:34 AM

Copy link to comment

can you add the ACF-compat label

the new ACF syntax throws

David R.

April 9, 2020, 1:11 PM

Copy link to comment

samesite="Strict | Lax | None" and the “secure” options are very useful in cookies setting.
Now I use below Header string to the httpd config, but at lucee level will be better:
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure;SameSite=Strict

Pothys - MitrahSoft

April 9, 2020, 1:35 PM

Copy link to comment

, I added the label.

Mircea Botez

May 19, 2020, 5:02 PM

Copy link to comment

cleaned up the PR

Zac Spitzer

May 25, 2020, 12:28 PM

Copy link to comment

PR to enable samesite strict for the admin

Fixed

Assignee

Mircea Botez

Reporter

Mischa Sameli

Labels

CSRF

acf-compat

sameSite

Sprint

None

Fix versions

5.3.7.33

Priority

New

Configure

Lucee - Gert

Add SameSite-attribute to cfcookie

Description

Activity

Assignee

Reporter

Labels

Sprint

Fix versions

Priority