VRChat API Change Notification - Header Changes
dtupper opened this issue · 1 comments
dtupper commented
Hello!
VRChat's API will be making a change soon. We'll be adding the SameSite=Lax
attribute to our auth cookies. This is part of an effort to improve our CSRF protection.
Browsers for the most part already treat all cookies this way, but a handful don't. We don't expect this to affect many VRChat-related applications, but we wanted to let you know anyhow.
Additionally, we're going to start filtering requests based on the Origin
and Referer
headers. Leave those headers empty to avoid being impacted by this change.
Thank you!
dtupper commented
Wrong repo, closing.