Details

    • Type: Sub-task
    • Status: Done
    • Priority: L3 - Default
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.5.0, 2.5.0-alpha1
    • Component/s: backend
    • Labels:
      None

Description

AT:

    • the Optimize auth session cookie has the SameSite flag set to Strict
    • this is also the case for SSO
    • in the documentation, in the supported environments section, it is mentioned that only specific IE11 browser versions are supported
    • the SameSite cookie flag can be disabled via configuration

Note:
Setting SameSite=Strict might be a low-hanging fruit for CSRF protection on browsers that support it https://caniuse.com/#feat=same-site-cookie-attribute (yes, even IE11).
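The mechanism the acceptance criteria describe, as an added illustration that is not Optimize's own code (the Optimize backend is Java; Python is used here only to keep the example short and runnable): the session cookie's Set-Cookie header is built from a configuration flag that can switch SameSite off, and a simplified model of the browser-side rule shows why Strict blocks a forged cross-site request and what it withholds on legitimate cross-site navigations. The cookie name, the hostnames and the config class are assumptions for the example.

```python
"""Added example (not Optimize's own code): SameSite on a session cookie.

Part 1 renders the Set-Cookie header from a config flag that can disable the
attribute.  Part 2 is a simplified model of the rule a browser applies before
attaching the cookie, to show why SameSite=Strict defeats classic CSRF and
which legitimate requests it also strips the cookie from.
"""
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit


@dataclass(frozen=True)
class SessionCookieConfig:
    # Placeholder cookie name; not the real Optimize cookie name.
    name: str = "X-Optimize-Session"
    # "Strict", "Lax", "None", or Python None to omit the attribute entirely
    # (the "can be disabled via configuration" case from the issue).
    same_site: Optional[str] = "Strict"
    secure: bool = True
    http_only: bool = True


def build_set_cookie(cfg: SessionCookieConfig, value: str, path: str = "/") -> str:
    """Render the Set-Cookie header value for the session cookie."""
    if cfg.same_site is not None and cfg.same_site not in ("Strict", "Lax", "None"):
        raise ValueError(f"unsupported SameSite value: {cfg.same_site!r}")
    if cfg.same_site == "None" and not cfg.secure:
        # Browsers reject SameSite=None unless the cookie is also Secure.
        raise ValueError("SameSite=None requires the Secure attribute")
    parts = [f"{cfg.name}={value}", f"Path={path}"]
    if cfg.http_only:
        parts.append("HttpOnly")
    if cfg.secure:
        parts.append("Secure")
    if cfg.same_site is not None:
        parts.append(f"SameSite={cfg.same_site}")
    return "; ".join(parts)


def _site(host: str) -> str:
    """Approximate a 'site' as the last two host labels (no public-suffix list)."""
    return ".".join(host.lower().split(".")[-2:])


def browser_sends_cookie(cfg: SessionCookieConfig, request_url: str,
                         initiator_origin: str, top_level_navigation: bool,
                         method: str) -> bool:
    """Model of the SameSite check a browser runs before attaching the cookie."""
    req_host = urlsplit(request_url).hostname or ""
    init_host = urlsplit(initiator_origin).hostname or ""
    if _site(req_host) == _site(init_host):
        return True                      # same-site request: never withheld
    if cfg.same_site is None or cfg.same_site == "None":
        return True                      # no restriction: sent cross-site
    if cfg.same_site == "Strict":
        return False                     # Strict: never sent cross-site
    # Lax: only top-level navigations using a safe method
    # (ignores Chrome's temporary Lax+POST allowance for fresh cookies).
    return top_level_navigation and method.upper() in ("GET", "HEAD")


def csrf_scenarios(cfg: SessionCookieConfig) -> dict:
    """Three constructed requests against an assumed Optimize host."""
    app = "https://optimize.example.com"
    return {
        # Attacker page auto-submits a form into the API: classic CSRF.
        "forged_post_from_attacker": browser_sends_cookie(
            cfg, app + "/api/report", "https://evil.example.net", True, "POST"),
        # User follows a link from another site into the application.
        "link_from_other_site": browser_sends_cookie(
            cfg, app + "/", "https://wiki.example.org", True, "GET"),
        # Ordinary in-app fetch/XHR from the application itself.
        "in_app_request": browser_sends_cookie(
            cfg, app + "/api/report", app, False, "POST"),
    }


if __name__ == "__main__":
    for flag in ("Strict", "Lax", None):
        cfg = SessionCookieConfig(same_site=flag)
        print(build_set_cookie(cfg, "opaque-session-id"))
        print("  ", csrf_scenarios(cfg))
```

With Strict the forged POST arrives without the session cookie, which is the CSRF benefit; the same rule also withholds the cookie on a legitimate cross-site top-level navigation into the application (a link from another site, or a redirect back from an identity provider hosted on a different site), so the user looks logged out until they navigate within the app. That trade-off is the reason a configuration switch is worth having; Lax keeps the protection against cross-site POSTs while allowing cross-site top-level GETs. The model deliberately ignores the public-suffix list and browser-specific exceptions.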

People

Assignee:
Unassigned
Reporter:
Sebastian Bathke (sebastian.bathke)