This repository has been archived by the owner on Jan 24, 2021. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 1.5k
NancyCookie doesn't have support for SameSite changes #3002
Comments
Hi, |
Yup a class that extends NancyCookie and overrides the |
0x414c49
pushed a commit
to 0x414c49/Nancy
that referenced
this issue
Mar 10, 2020
Adds SameSite property to cookies (Lax, Strict and None). If the SameSite property is None, the secure value will be set to true automatically. (https://web.dev/samesite-cookies-explained/#changes-to-the-default-behavior-without-samesite) Fix NancyFx#3002
4 tasks
I just made a PR to add |
0x414c49
pushed a commit
to 0x414c49/Nancy
that referenced
this issue
Mar 10, 2020
SameSite property will accept Lax, Strict and None values. Fix NancyFx#3002
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Nancy Version: Tested 1.4.5 and 2.0.0
Currently with all the SameSite cookie changes being done in Chrome (and FF and Edge) there is no nice way to set the SameSite options for a
NancyCookie
. See https://docs.microsoft.com/en-us/aspnet/core/security/samesite?view=aspnetcore-3.1 for more details.Particularly this becomes a higher priority now that Chrome 80 is stable and has breaking changes around SameSite properties.
The only currently workaround I can see for the moment is to add a OWIN middleware and manually change the cookies myself.
The text was updated successfully, but these errors were encountered: