7ccaa125ba
Enabling `SameSite` cookie protection is an addition to CSRF protection, where cookies won't be sent by browsers in cross-site POST requests when set to `:lax`. `:strict` disables cookies being sent in cross-site GET or POST requests. Passing `:none` disables this protection and is the same as previous versions albeit a `; SameSite=None` is appended to the cookie. See upgrade instructions in config/initializers/new_framework_defaults_6_1.rb. More info [here](https://tools.ietf.org/html/draft-west-first-party-cookies-07) _NB: Technically already possible as Rack supports SameSite protection, this is to ensure it's applied to all cookies_ |
||
---|---|---|
.. | ||
minitest | ||
rails | ||
rails.rb |