[GitHub] [shiro] boris-petrov commented on issue #67: Add SameSite option to cookies

2019-09-12 GitBox

boris-petrov commented on issue #67: Add SameSite option to cookies

URL: https://github.com/apache/shiro/pull/67#issuecomment-530730949

Also, what about the added methods? The test is failing because of that also. I can overload the `addCookieHeader` and call the new one from the old one,

[GitHub] [shiro] boris-petrov commented on issue #67: Add SameSite option to cookies

2019-09-12 GitBox

boris-petrov commented on issue #67: Add SameSite option to cookies

URL: https://github.com/apache/shiro/pull/67#issuecomment-530730424

Do we want `NONE` as the default? Chrome is making `LAX` the default and that is more secure than `NONE`. Perhaps Shiro should do the same?

[GitHub] [shiro] boris-petrov commented on issue #67: Add SameSite option to cookies

2019-09-11 GitBox

boris-petrov commented on issue #67: Add SameSite option to cookies

URL: https://github.com/apache/shiro/pull/67#issuecomment-530387875

@fpapon - I've [created a JIRA issue](https://issues.apache.org/jira/browse/SHIRO-722). Please tell me what to do with the failing test and I'll do

[GitHub] [shiro] boris-petrov commented on issue #67: Add SameSite option to cookies

2019-09-11 GitBox

boris-petrov commented on issue #67: Add SameSite option to cookies

URL: https://github.com/apache/shiro/pull/67#issuecomment-530297751

I updated the PR and added also the `None` option. According to [this](https://scotthelme.co.uk/csrf-is-really-dead/) `SameSite` is going to be the