Unable to set sameSite=strict for cookies

[tirithen]

I'm unable to set sameSite cookie option to strict to prevent cross-site requests from sending out the cookie, an thoughts on how to add that feature?

https://www.owasp.org/index.php/SameSite

[elithrar]

This isn’t yet exposed in the underlying securecookie library, as it was only just supported in Go 1.11’s http.Cookie (literally two days ago). I plan to add support to both within the next week or so.

…

On Tue, Aug 28, 2018 at 5:47 PM Fredrik Söderström ***@***.***> wrote: I'm unable to set sameSite cookie option to strict to prevent cross-site requests from sending out the cookie, an thoughts on how to add that feature? https://www.owasp.org/index.php/SameSite — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#164>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AABIcM_LswUnvU3s-_x_ojKlVTvTAZc_ks5uVeStgaJpZM4WQoxP> .

[tirithen]

Wow thanks, I did not realize this. Looking forward for this :)

[elithrar]

Closing in favor of #165 - PR is building in CI & in review.