rails/railties/lib
Cédric Fabianski 7ccaa125ba
Add SameSite protection to every written cookie
Enabling `SameSite` cookie protection is an addition to CSRF protection,
where cookies won't be sent by browsers in cross-site POST requests when set to `:lax`.

`:strict` disables cookies being sent in cross-site GET or POST requests.

Passing `:none` disables this protection and is the same as previous versions albeit a `; SameSite=None` is appended to the cookie.

See upgrade instructions in config/initializers/new_framework_defaults_6_1.rb.

More info [here](https://tools.ietf.org/html/draft-west-first-party-cookies-07)

_NB: Technically already possible as Rack supports SameSite protection, this is to ensure it's applied to all cookies_
2019-12-15 01:37:24 +01:00
| Name | Last commit | Date |
|---|---|---|
| minitest | Railities typo fixes. | 2019-02-01 16:42:40 +05:30 |
| rails | Add SameSite protection to every written cookie | 2019-12-15 01:37:24 +01:00 |
| rails.rb | Fix document formatting of Rails.group [ci skip] | 2019-09-05 19:00:20 +09:00 |