powerdns-admin/powerdnsadmin
corubba 52b704baeb Set SameSite on cookies
Setting this attribute on a cookie marks it as non-cross-site, so it
is only sent in requests to our own server. It is reasonable that no
one else should need our session or csrf data. Setting it explicitly
also prevents any issues from the ongoing change in browser behaviour [0]
when it is unset.

SeaSurf supports the SameSite attribute starting with v0.3. As nothing
obviously broke, I used the opportunity and updated all the way to the
most recent version.

The SeaSurf default for SameSite is already `Lax`, so it only needs to
be set for the session cookie.

[0] https://developers.google.com/search/blog/2020/01/get-ready-for-new-samesitenone-secure
2022-06-18 18:51:42 +02:00
..
lib feat: Move the account parse calls to a method 2022-06-18 14:30:56 +02:00
models feat: Move the account parse calls to a method 2022-06-18 14:30:56 +02:00
routes Fix csrf configuration 2022-06-18 18:51:40 +02:00
services Use HTTP_X_FORWARDED_PROTO header from reverse proxy to rewrite https:// for SAML request URLs 2022-05-19 19:00:38 -07:00
static Add general modal functions 2022-05-19 00:53:20 +02:00
templates feat: Add the extra chars as an option 2022-06-18 14:30:56 +02:00
__init__.py Fix csrf configuration 2022-06-18 18:51:40 +02:00
assets.py Add 'otp_force' basic setting (#1051) 2021-12-17 11:41:51 +01:00
decorators.py enh: Enforce Record Restrictions in API (#1089) 2022-06-18 14:20:49 +02:00
default_config.py Set SameSite on cookies 2022-06-18 18:51:42 +02:00
swagger-spec.yaml Updated the unknown state 2022-05-23 16:46:11 +00:00