1765: Set sensible cookie flags on the admin app r=mergify[bot] a=nextgens ## What type of PR? Bugfix ## What does this PR do? It sets the right flags on the session cookie issued by the admin app. This should probably be backported as the lack of secure flag on TLS-enabled setup is a high risk vulnerability. SameSite is hardening / helps against CSRF on modern browsers. HTTPOnly is hardening / helps reduce the impact of XSS. Co-authored-by: Florent Daigniere <nextgens@freenetproject.org> |
4 years ago | |
---|---|---|
.. | ||
_templates | 6 years ago | |
assets | 4 years ago | |
compose | 5 years ago | |
contributors | 5 years ago | |
kubernetes | 5 years ago | |
swarm | 5 years ago | |
.env | 6 years ago | |
Dockerfile | 6 years ago | |
antispam.rst | 5 years ago | |
cli.rst | 6 years ago | |
conf.py | 5 years ago | |
configuration.rst | 4 years ago | |
database.rst | 5 years ago | |
demo.rst | 5 years ago | |
dns.rst | 5 years ago | |
docker-compose.yml | 6 years ago | |
faq.rst | 4 years ago | |
features.rst | 4 years ago | |
general.rst | 8 years ago | |
index.rst | 5 years ago | |
maintain.rst | 7 years ago | |
nginx.conf | 7 years ago | |
releases.rst | 4 years ago | |
requirements.txt | 7 years ago | |
reverse.rst | 4 years ago | |
rpi_build.rst | 6 years ago | |
setup.rst | 5 years ago | |
webadministration.rst | 5 years ago |