Posted to notifications@couchdb.apache.org by GitBox <gi...@apache.org> on 2019/12/06 03:13:42 UTC

[GitHub] [couchdb] dbashyal commented on issue #2221: Cookie from cross-site without SameSite attribute

dbashyal commented on issue #2221: Cookie from cross-site without SameSite attribute
URL: https://github.com/apache/couchdb/issues/2221#issuecomment-562414523
 
 
   > This console warning is not an error or an actual problem — Chrome is just spreading the word about this new standard to increase developer adoption.
   > 
   > The release date for a fix is 02/04/2020 per: https://www.chromium.org/updates/same-site
   > 
   > I solved the same problem by adding in the response header
   > 
   > response.setHeader("Set-Cookie", "HttpOnly;Secure;SameSite=Strict");
   > 
   > SameSite prevents the browser from sending the cookie along with cross-site requests. The main goal is to mitigate the risk of cross-origin information leakage. It also provides some protection against cross-site request forgery attacks. Possible values for the flag are Lax or Strict.
   > 
   > Please refer to this before applying any option.
   > 
   > Hope this helps you.
   
   @ImATechnophile You missed the link - https://stackoverflow.com/a/58320564/534525

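
Added example (not part of the original comment and not CouchDB project code): a Node.js check of Set-Cookie header values for the attributes discussed in this thread. It flags a header with no name=value pair (as in the quoted snippet), a missing or unrecognized SameSite, and SameSite=None without Secure; auditSetCookie and the sample values are constructed for illustration.

```javascript
// Added example, not code from the thread. auditSetCookie and the sample
// header values are constructed for illustration.
const SAME_SITE_VALUES = new Set(["strict", "lax", "none"]);

function auditSetCookie(headerValue) {
  const parts = headerValue.split(";").map((p) => p.trim()).filter(Boolean);
  const findings = [];
  // The first segment has to be the cookie's name=value pair.
  const first = parts[0] || "";
  const eq = first.indexOf("=");
  const name = eq > 0 ? first.slice(0, eq).trim() : "";
  if (!name) findings.push("missing-name-value");
  // Everything after the pair is an attribute; with no pair, every segment is.
  const attrs = new Map();
  for (const part of name ? parts.slice(1) : parts) {
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs.set(key, i === -1 ? "" : part.slice(i + 1).trim().toLowerCase());
  }
  const sameSite = attrs.has("samesite") ? attrs.get("samesite") : null;
  if (sameSite === null) {
    findings.push("samesite-missing"); // the condition named in the issue title
  } else if (!SAME_SITE_VALUES.has(sameSite)) {
    findings.push("samesite-invalid");
  } else if (sameSite === "none" && !attrs.has("secure")) {
    findings.push("samesite-none-without-secure");
  }
  if (!attrs.has("secure")) findings.push("secure-missing");
  if (!attrs.has("httponly")) findings.push("httponly-missing");
  return { name, sameSite, findings };
}

// Constructed sample values; the first is the string from the quoted snippet.
const samples = [
  "HttpOnly;Secure;SameSite=Strict",
  "sid=abc123; Path=/; HttpOnly",
  "sid=abc123; Path=/; HttpOnly; SameSite=None",
  "sid=abc123; Path=/; HttpOnly; Secure; SameSite=Strict",
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", auditSetCookie(s).findings.join(", ") || "ok");
}
```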