-
Type:
Sub-task
-
Resolution: Fixed
-
Priority:
L3 - Default
-
Affects Version/s: None
-
Component/s: backend
-
None
AT:
- the optimize auth session cookie has the same site flag set to strict
- this is also the case for SSO
- in the documentation in the supported environments sections it is mentioned that only specific IE11 browser versions are supported
- the same site cookie flag can be disabled via configuration
Note:
Setting the sameSite=strict might be a low-hanging fruit for CSRF protection on browsers that support it https://caniuse.com/#feat=same-site-cookie-attribute (yes even IE11).
This is the controller panel for Smart Panels app
- is related to
-
OPT-2105 Protect Optimize from CSRF attacks
-
- Done
-