Ensure session-cookies and CSRF-cookies use HttpOnly, Secure and SameSite options #45

Closed
alextreme opened this issue Jul 11, 2024 · 2 comments · Fixed by #47 or #55
Labels: enhancement, owner: amsterdam

Comments

@alextreme
Member

Thema / Theme

Other

Omschrijving / Description

Taiga AMS 19

Ensure the Django session cookie and CSRF cookies use HttpOnly, Secure and SameSite options.

In order to do so, see how OpenForms does this: https://github.com/open-formulieren/open-forms/blob/a4bb6c3167f62ff173f74acbd029b8e0c2fddf10/src/openforms/conf/base.py#L523

After adding this to OAf please bump and release OZ+ON+Obj+OT

Toegevoegde waarde / Added value

No response

Aanvullende opmerkingen / Additional context

No response

@alextreme added the enhancement and triage labels Jul 11, 2024
@joeribekker added the owner: amsterdam label and removed the triage label Jul 23, 2024
Coperh added a commit that referenced this issue Aug 13, 2024
🔧[#45] add session and CSRF samesite option
@Coperh Coperh reopened this Aug 13, 2024
@alextreme
Member Author

@Coperh was setting of CSRF_COOKIE_HTTPONLY taken into account for this issue? I don't see it in the PR

Coperh added a commit that referenced this issue Aug 20, 2024
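
A way to verify the flags this issue asks for, as an added example that is not part of the original thread or the project's code: it audits the six Django cookie settings against Django's documented defaults (where `CSRF_COOKIE_HTTPONLY` is off unless set explicitly) and checks the `Set-Cookie` values a response actually carries. The function names, the sample data and the rule that only `Lax` or `Strict` counts as SameSite being enabled are assumptions of this example; `sessionid` and `csrftoken` are Django's default cookie names.

```python
from http.cookies import SimpleCookie

# Django's documented defaults: a setting left out of the config takes this value.
DJANGO_DEFAULTS = {
    "SESSION_COOKIE_SECURE": False,
    "SESSION_COOKIE_HTTPONLY": True,
    "SESSION_COOKIE_SAMESITE": "Lax",
    "CSRF_COOKIE_SECURE": False,
    "CSRF_COOKIE_HTTPONLY": False,
    "CSRF_COOKIE_SAMESITE": "Lax",
}
# Assumption of this example: only "Lax" and "Strict" count as SameSite being on.
SAMESITE_OK = ("lax", "strict")

def audit_settings(settings):
    """Return sorted (setting, effective value) pairs whose flag is effectively off."""
    findings = []
    for name, default in DJANGO_DEFAULTS.items():
        value = settings.get(name, default)
        if name.endswith("_SAMESITE"):
            ok = isinstance(value, str) and value.lower() in SAMESITE_OK
        else:
            ok = value is True
        if not ok:
            findings.append((name, value))
    return sorted(findings)

def audit_set_cookie(header_values, names=("sessionid", "csrftoken")):
    """Check raw Set-Cookie values; return {cookie name: [missing attributes]}."""
    missing = {}
    for raw in header_values:
        jar = SimpleCookie(raw)  # parses one Set-Cookie value
        for name, morsel in jar.items():
            if name not in names:
                continue
            gaps = [attr for attr in ("httponly", "secure") if not morsel[attr]]
            if str(morsel["samesite"]).lower() not in SAMESITE_OK:
                gaps.append("samesite")
            if gaps:
                missing[name] = gaps
    return missing

# Constructed sample data: settings that omit CSRF_COOKIE_HTTPONLY, and matching headers.
SAMPLE_SETTINGS = {"SESSION_COOKIE_SECURE": True, "CSRF_COOKIE_SECURE": True}
SAMPLE_HEADERS = [
    "sessionid=abc123; HttpOnly; Path=/; SameSite=Lax; Secure",
    "csrftoken=tok456; Path=/; SameSite=Lax; Secure",
]
```

Run against the sample data, both checks report the same gap: the CSRF cookie lacks HttpOnly because that setting was never turned on.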
Projects
Status: Done
3 participants