authorGravatar Alexandre Alapetite <alexandre@alapetite.fr> 2019-11-05 18:11:38 +0100
committerGravatar GitHub <noreply@github.com> 2019-11-05 18:11:38 +0100
commit8b0f9fae9f34ef25458e79a477758a45873b7cd4 (patch)
treee86e90a6189c7271080c40ddcff5290d615e891e
parentbba0b0565559fbecf5df170b472cadc58627027a (diff)
Cookie same-site (#2630)
* Set-Cookie SameSite * https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00 * https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-02#section-5.3.7 * https://blog.mozilla.org/security/2018/04/24/same-site-cookies-in-firefox-60/ * https://blog.chromium.org/2019/10/developers-get-ready-for-new.html Set to Lax instead of Strict to allow linking to FreshRSS sub-pages without having to log in again
-rw-r--r--Docker/README.md2
-rw-r--r--p/.htaccess1
2 files changed, 2 insertions, 1 deletions
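--- a/Docker/README.md
+++ b/Docker/README.md
@@ -320,7 +320,7 @@ server {
 # Other SSL stuff goes here
 # Needed for Freshrss cookie/session :
- proxy_cookie_path / "/; HTTPOnly; Secure";
+ proxy_cookie_path / "/; HTTPOnly; Secure; SameSite=Lax";
 location / {
 try_files $uri $uri/ =404;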
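--- a/p/.htaccess
+++ b/p/.htaccess
@@ -37,4 +37,5 @@ AddDefaultCharset UTF-8
 <FilesMatch "\.(css|gif|html|ico|js|png|svg|woff|woff2)$">
 Header merge Cache-Control "public"
 </FilesMatch>
+ Header edit Set-Cookie ^(.*)$ "$1; SameSite=Lax"
 </IfModule>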
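Review bot: The added `Header edit Set-Cookie` line rewrites every Set-Cookie header unconditionally, so a cookie that already carries a SameSite attribute (for instance one emitted by the application or by PHP session settings) ends up with the attribute twice, and browser handling of a duplicated attribute is not something to rely on. A pattern that skips cookies which already declare it, such as `Header edit Set-Cookie "^((?!.*SameSite).*)$" "$1; SameSite=Lax"`, keeps the directive idempotent. Plain `Header edit` only touches the success headers table, so whether `Header always edit` is needed depends on whether FreshRSS sets cookies on non-2xx responses; worth confirming rather than assuming. The enclosing `<IfModule>` opens outside the hunk, so the module guard it relies on is not visible here.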