Recent content by Fozzie

F
XF 2.1 SameSite cookies and removal of anti-CSRF tokens

Thanks for the reply, but if all cookies are set with SameSite to Lax what is the point of the anti-CSRF token? Can you at least give us an option to remove it?
- Fozzie
- Post #3
- Aug 27, 2020
- Forum: XenForo questions and support
F
XF 2.1 SameSite cookies and removal of anti-CSRF tokens

Why aren't the xf_user and xf_session cookies set to SameSite Lax? Assuming all forms are using POST then authentication cookies with the SameSite Lax value will not be sent for cross origin requests, eliminating the need for any anti-CSRF tokens at all. Both Chrome and Firefox now...
- Fozzie
- Thread
- Aug 12, 2020
- Replies: 7
- Forum: XenForo questions and support

We value your privacy

We use essential cookies to make this site work, and optional cookies to enhance your experience.

See further information and configure your preferences

Accept all cookies Reject optional cookies
Essential cookies

These cookies are required to enable core functionality such as security, network management, and accessibility. You may not reject these.

Optional cookies

We deliver enhanced functionality for your browsing experience by setting these cookies. If you reject them, enhanced functionality will be unavailable.

Third-party cookies

Cookies set by third parties may be required to power functionality in conjunction with various service providers for security, analytics, performance or advertising purposes.

Detailed cookie usage

Privacy policy

Top Bottom