Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FR: safeweb: Set SameSite for CSRF cookie #11780

Closed
noncombatant opened this issue Apr 17, 2024 · 0 comments · Fixed by #11781
Closed

FR: safeweb: Set SameSite for CSRF cookie #11780

noncombatant opened this issue Apr 17, 2024 · 0 comments · Fixed by #11781
Assignees
@noncombatant
Labels
fr Feature request

Comments

@noncombatant
Copy link
Contributor

What are you trying to do?

No response

How should we solve this?

No response

What is the impact of not solving this?

This would give us some marginal additional defense in depth against CSRF, and is generally just best practice.

Anything else?

No response
@noncombatant noncombatant added the fr Feature request label Apr 17, 2024
@noncombatant noncombatant self-assigned this Apr 17, 2024
noncombatant pushed a commit that referenced this issue Apr 17, 2024
safeweb: set SameSite=Strict, with an option for Lax
7736af1 
Fixes #11780

Signed-off-by: Chris Palmer <cpalmer@tailscale.com>
@noncombatant noncombatant mentioned this issue Apr 17, 2024
Merged
noncombatant pushed a commit that referenced this issue Apr 17, 2024
safeweb: set SameSite=Strict, with an option for Lax
8aa7059 
Fixes #11780

Signed-off-by: Chris Palmer <cpalmer@tailscale.com>
noncombatant pushed a commit that referenced this issue Apr 17, 2024
safeweb: set SameSite=Strict, with an option for Lax (#11781)
88a7767 
Fixes #11780

Signed-off-by: Chris Palmer <cpalmer@tailscale.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@noncombatant noncombatant

Labels
fr Feature request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

safeweb: set SameSite=Strict, with an option for Lax tailscale/tailscale
1 participant
@noncombatant