Cookie nette-samesite

Question

Cookie nette-samesite

nargotik opened this issue 5 years ago · 6 comments

nargotik commented 5 years ago

Hi, as far i saw this cookie is set on src/Bridges/HttpDI/HttpExtension.php

There is any reason for this cookie to cannot be optional or name changed ?

Answer 1 · 2020-11-10T00:29:09.000Z

Still not figure why this is this way .. and why cant the cookie be renamed.

Answer 2 · 2020-11-10T01:56:34.000Z

Why do you want to rename it?

Answer 3 · 2020-11-10T02:56:21.000Z

Because some projects don't need to say the visitors what technology they use, it makes part of security to don't pass information to visitors that provides crucial information about the system.

Answer 4 · 2020-11-14T14:19:07.000Z

@dg What you think about it ?

Answer 5 · 2020-12-07T00:20:57.000Z

Have added a PR with changes needed to add a new config variable: cookieNameStrict

PR: #189

Answer 6 · 2021-01-05T21:47:35.000Z

At the moment, it is difficult to make a clean solution, so I'll implement it in the next bigger version.

However, in nette/http 3.1 the name has changed to _nss which is not so noticeable.