After investigating SSO, I think we need to improve this:
[]string{"path=/", "SameSite=lax", "httpOnly"}
but not Secure
@alexmt why does Argo CD use "lax" not "strict"?
OWASP
This is probably the most secure configuration we have for now:
Set-Cookie: __Host-SessionID=3h93...;Path=/;Secure;HttpOnly;SameSite=Strict
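Added example, not part of the original issue or of Argo CD's code: a Go function that audits a Set-Cookie header against the configuration quoted above, including the `__Host-` prefix rules (Secure, Path=/, no Domain). The function name `auditSetCookie`, the cookie name `session` and the value `abc` are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// auditSetCookie returns the hardening gaps in one Set-Cookie header value,
// measured against the configuration recommended in the issue.
func auditSetCookie(header string) []string {
	parts := strings.Split(header, ";")
	name, _, _ := strings.Cut(strings.TrimSpace(parts[0]), "=")
	attrs := map[string]string{}
	for _, p := range parts[1:] {
		k, v, _ := strings.Cut(strings.TrimSpace(p), "=")
		if k != "" {
			attrs[strings.ToLower(k)] = strings.TrimSpace(v)
		}
	}
	var gaps []string
	if _, ok := attrs["secure"]; !ok {
		gaps = append(gaps, "missing Secure")
	}
	if _, ok := attrs["httponly"]; !ok {
		gaps = append(gaps, "missing HttpOnly")
	}
	if !strings.EqualFold(attrs["samesite"], "strict") {
		gaps = append(gaps, "SameSite is not Strict")
	}
	// __Host- prefix rules: Secure (checked above), Path=/ and no Domain.
	if strings.HasPrefix(name, "__Host-") {
		if attrs["path"] != "/" {
			gaps = append(gaps, "__Host- requires Path=/")
		}
		if _, ok := attrs["domain"]; ok {
			gaps = append(gaps, "__Host- forbids Domain")
		}
	} else {
		gaps = append(gaps, "name lacks __Host- prefix")
	}
	return gaps
}

func main() {
	// Constructed headers; "session" and "abc" are placeholder name and value.
	weak := "session=abc; " + strings.Join([]string{"path=/", "SameSite=lax", "httpOnly"}, "; ")
	fmt.Println(auditSetCookie(weak))
	fmt.Println(auditSetCookie("__Host-SessionID=abc;Path=/;Secure;HttpOnly;SameSite=Strict"))
}
```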
@jannfis @alexmt FYI
OK, we don't currently need to set path, because we set the cookie client-side in JavaScript.
fix: Improve cookie security. Fixes argoproj#2759
bbace9d
fix: Improve cookie security. Fixes #2759 (#2763)
a6fa3f7
ee10796