Skip to content
This repository was archived by the owner on Nov 4, 2024. It is now read-only.

Add support for SameSite cookies #313

Merged
april merged 2 commits into from
Jan 18, 2018
Merged

Add support for SameSite cookies #313

april merged 2 commits into from
Jan 18, 2018

Conversation

@april
Copy link
Contributor

@april april commented Jan 17, 2018

This addresses #64, helping to mitigate the risks from Spectre.

This was referenced Jan 17, 2018
Closed
Closed
@rugk
Copy link

rugk commented Jan 17, 2018

Wait, what do SameSite cookies have to do with Spectre?

@april
Copy link
Contributor Author

april commented Jan 17, 2018

The use of X-Content-Type-Options and SameSite cookies can prevent cookies from entering memory. Currently those protections are important for users of Chrome's Site Isolation feature.

@rugk
Copy link

rugk commented Jan 17, 2018

Ah, so what about Firefox? Does cookies (do not) enter the memory there, too?

Also very interesting correlation generally… is there a blog post for that or do you plan to write one? I'd say that could be worth a blog post. 😄

@april
Copy link
Contributor Author

april commented Jan 18, 2018

I'm not sure exactly where Firefox is currently, although I imagine this sort of work will be looked at:
https://www.chromium.org/Home/chromium-security/ssca

@april april merged commit a3cb954 into mozilla:master Jan 18, 2018
@OllieBuilds OllieBuilds mentioned this pull request Jan 22, 2018
Closed
This was referenced Oct 29, 2018
Closed
Closed
@ygbr ygbr mentioned this pull request Jun 4, 2020
Open
3 tasks
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@april @rugk