Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Set SameSite flag as strict for crossfeed-token. #2274

Merged
merged 4 commits into from
Oct 25, 2023

Conversation

Matthew-Grayson
Copy link
Contributor

@Matthew-Grayson Matthew-Grayson commented Oct 2, 2023

🗣 Description

Set SameSite flag as strict for crossfeed-token.
See issue #2244.
This may also address issue #2273.

💭 Motivation and context

Provides additional protection against cross-site request forgery attacks. See OWASP documentation here.
Closes issue #2244.

✅ Pre-approval checklist

  • This PR has an informative and human-readable title.
  • Changes are limited to a single goal - eschew scope creep!
  • All future TODOs are captured in issues, which are referenced
    in code comments.
  • All relevant type-of-change labels have been added.
  • I have read the CONTRIBUTING document.
  • These code changes follow cisagov code standards.
  • All relevant repo and/or project documentation has been updated
    to reflect the changes in this PR.
  • Tests have been added and/or modified to cover the changes in this PR.
  • All new and existing tests pass.

✅ Pre-merge checklist

  • Revert dependencies to default branches.
  • Finalize version.

✅ Post-merge checklist

  • Create a release.

@Matthew-Grayson Matthew-Grayson linked an issue Oct 2, 2023 that may be closed by this pull request
@Matthew-Grayson Matthew-Grayson marked this pull request as ready for review October 4, 2023 15:35
@Matthew-Grayson Matthew-Grayson merged commit 1dd4ace into master Oct 25, 2023
10 checks passed
@Matthew-Grayson Matthew-Grayson deleted the 2273-secure-flag-on-cookies branch October 25, 2023 16:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Secure Flag on Cookies
2 participants