[GitHub] [shiro] boris-petrov commented on issue #67: Add SameSite option to cookies
boris-petrov commented on issue #67: Add SameSite option to cookies URL: https://github.com/apache/shiro/pull/67#issuecomment-530730949 Also, what about the added methods? The test is failing because of that also. I can overload the `addCookieHeader` and call the new one from the old one, that's fine, but what about the two new methods - `getSameSite` and `setSameSite`? This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [shiro] boris-petrov commented on issue #67: Add SameSite option to cookies
boris-petrov commented on issue #67: Add SameSite option to cookies URL: https://github.com/apache/shiro/pull/67#issuecomment-530730424 Do we want `NONE` as the default? Chrome is making `LAX` the default and that is more secure than `NONE`. Perhaps Shiro should do the same? This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [shiro] boris-petrov commented on issue #67: Add SameSite option to cookies
boris-petrov commented on issue #67: Add SameSite option to cookies URL: https://github.com/apache/shiro/pull/67#issuecomment-530387875 @fpapon - I've [created a JIRA issue](https://issues.apache.org/jira/browse/SHIRO-722). Please tell me what to do with the failing test and I'll do it. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [shiro] boris-petrov commented on issue #67: Add SameSite option to cookies
boris-petrov commented on issue #67: Add SameSite option to cookies URL: https://github.com/apache/shiro/pull/67#issuecomment-530297751 I updated the PR and added also the `None` option. According to [this](https://scotthelme.co.uk/csrf-is-really-dead/) `SameSite` is going to be the default in Chrome *really* soon so this PR becomes urgent. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services