[Koha-bugs] [Bug 26019] Koha should set SameSite attribute on cookies
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Fri Aug 7 01:38:43 CEST 2020
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26019
--- Comment #8 from David Cook <dcook at prosentient.com.au> ---
I've actually been looking for cookies on sites I use, and for the most part I
don't see any actually setting SameSite. (Of course, many of the sites are
using ServiceWorker, and at a glance it's not obvious what it's doing in the
background.)
One exception is a load balancer stickness CORS cookie, AWSALBCORS, which has
"SameSite=None". (More info available at
https://forums.aws.amazon.com/ann.jspa?annID=7413)
Noticing a "SameSite=None" cookie for www.google.com which is a
tracking/targeting/advertising cookie.
--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
More information about the Koha-bugs
mailing list