Re: [pgAdmin4] To make session cookie more secure (Server mode)
Thanks, patch applied.
On Wed, May 9, 2018 at 8:33 AM, Murtuza Zabuawala <murtuza.zabuawala@enterprisedb.com> wrote:
Hi,PFA minor patch to make to make session cookie more secure in Server mode.We will set SESSION_COOKIE_SAMESITE='Lax' in the config file.'Lax' option prevents sending cookies with CSRF-prone requests from external sites, such as submitting a form.RM#3342Please review.--Regards,
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake
EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake
EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
В списке pgadmin-hackers по дате отправления:
Предыдущее
От: Dave PageДата:
Сообщение: pgAdmin 4 commit: Set SESSION_COOKIE_SAMESITE='Lax' per Flaskrecommend