•  
      request #10979 Implement Same-Site cookie and cookie prefixes protections
    Infos
    #10979
    Thomas Gerbet (tgerbet)
    2018-02-01 16:50
    2018-01-05 17:14
    11069
    Details
    Implement Same-Site cookie and cookie prefixes protections
    Tuleap should implement two new cookies protection whenever possible:
    * Same-Site cookie [1]: it adds a new layer of protection against CSRF and XSSI. Currently only supported by Chrome, support is coming into Firefox.
    * Cookie prefixes [2]: it protects against cookie injections. Supported by Chrome and Firefox. Whenever possible Tuleap should use the __Host- prefix.


    [1] https://tools.ietf.org/html/draft-west-first-party-cookies-07
    [2] https://tools.ietf.org/html/draft-ietf-httpbis-cookie-prefixes-00
    Other
    Empty
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Empty
    Closed
    2018-02-01
    Attachments
    Empty
    References

    Follow-ups