vrchatapi/vrchatapi.github.io

VRChat API Change Notification - Header Changes

dtupper opened this issue · 1 comments

Hello!

VRChat's API will be making a change soon. We'll be adding the SameSite=Lax attribute to our auth cookies. This is part of an effort to improve our CSRF protection.

Browsers for the most part already treat all cookies this way, but a handful don't. We don't expect this to affect many VRChat-related applications, but we wanted to let you know anyhow.

Additionally, we're going to start filtering requests based on the Origin and Referer headers. Leave those headers empty to avoid being impacted by this change.

Thank you!

Wrong repo, closing.