Skip to content

Add support for SESSION_COOKIE_SAMESITE #52

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ldruschk wants to merge 4 commits into
base: master
Choose a base branch
from
Open

Add support for SESSION_COOKIE_SAMESITE #52

ldruschk wants to merge 4 commits into from

Conversation

@ldruschk
Copy link

@ldruschk ldruschk commented Nov 21, 2019

Add support for the SESSION_COOKIE_SAMESITE configuration option as documented in https://flask.palletsprojects.com/en/1.1.x/config/#SESSION_COOKIE_SAMESITE

(note that this includes the .travis.yml changes from #51)

cript0nauta added a commit to infobyte/faraday that referenced this pull request Jan 30, 2020
@cript0nauta
Fix CSRF vulnerability in all JSON endpoints
8c1052d 
To fix the vuln, we need to use SameSite cookies. The upstream version
of Flask-KVSession doesn't support that, so we forked it, merged the
changes in mbr/flask-kvsession#52 and uploaded
the new version to PyPI (with the name `flask-kvsession-fork`).

I also changed the session cookie name to discard old session cookies
that don't have the SameSite attribute unset.
@blazerguns
Copy link

blazerguns commented Nov 10, 2021

@mbr I understand you may not be maintaining this project anymore. Would it be possible to just merge this PR? This would help fix samesite attribute control.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ldruschk @blazerguns