| From: | Dave Page <dpage(at)pgadmin(dot)org> |
|---|---|
| To: | Murtuza Zabuawala <murtuza(dot)zabuawala(at)enterprisedb(dot)com> |
| Cc: | pgadmin-hackers <pgadmin-hackers(at)postgresql(dot)org> |
| Subject: | Re: [pgAdmin4] To make session cookie more secure (Server mode) |
| Date: | 2018-05-09 13:05:08 |
| Message-ID: | CA+OCxoy49i8JJpbg253XJm7_JsmBpXOGTvyomYDkgHRrb_v=yQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgadmin-hackers |
Thanks, patch applied.
On Wed, May 9, 2018 at 8:33 AM, Murtuza Zabuawala <
murtuza(dot)zabuawala(at)enterprisedb(dot)com> wrote:
> Hi,
>
> PFA minor patch to make to make session cookie more secure in Server mode.
> We will set SESSION_COOKIE_SAMESITE
> <http://flask.pocoo.org/docs/1.0/config/#SESSION_COOKIE_SAMESITE>='Lax'
> in the config file.
> 'Lax' option prevents sending cookies with CSRF-prone requests from
> external sites, such as submitting a form.
> RM#3342
>
> P
> lease review.
>
>
> --
> Regards,
> Murtuza Zabuawala
> EnterpriseDB: http://www.enterprisedb.com
> The Enterprise PostgreSQL Company
>
>
--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake
EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dave Page | 2018-05-09 13:06:20 | pgAdmin 4 commit: Update release notes |
| Previous Message | Dave Page | 2018-05-09 13:04:53 | pgAdmin 4 commit: Set SESSION_COOKIE_SAMESITE='Lax' per Flask recommend |