Open Bug 1461634 Opened 7 years ago Updated 4 years ago

Support SameSite cookie attribute

Tracking

(Not tracked)

Status:

NEW

People

(Reporter: psiinon, Unassigned)

References

Details

(Keywords: conduit-triaged, sec-low, wsec-cookie, Whiteboard: [secops:2021])

Simon Bennetts [:psiinon]

Reporter

Description

•

7 years ago

Firefox 60 introduces support for the SameSite cookie attribute: https://blog.mozilla.org/security/2018/04/24/same-site-cookies-in-firefox-60/ This provides significant protection against CSRF vulnerabilities and so it should be applied to any session cookies. Are phsid and phcid both used as session cookies? They are both flagged as secure and httponly.

Steven MacLeod [:smacleod]

Updated

•

7 years ago

Blocks: 1471295

Steven MacLeod [:smacleod]

Updated

•

7 years ago

Keywords: conduit-triaged

Simon Bennetts [:psiinon]

Reporter

Updated

•

6 years ago

Keywords: sec-low

:glob ✱

Updated

•

6 years ago

Priority: -- → P3

AJ Bahnken [:ajvb] (she/her)

Updated

•

4 years ago

Whiteboard: [secops:2021]

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Support SameSite cookie attribute

Categories

(Conduit :: Phabricator, enhancement, P3)

Tracking

(Not tracked)

People

(Reporter: psiinon, Unassigned)

References

Details

(Keywords: conduit-triaged, sec-low, wsec-cookie, Whiteboard: [secops:2021])

Crash Data

Security

(public)

User Story

Description

Updated

Updated

Updated

Updated

Updated