| From: | Murtuza Zabuawala <murtuza(dot)zabuawala(at)enterprisedb(dot)com> |
|---|---|
| To: | pgadmin-hackers <pgadmin-hackers(at)postgresql(dot)org> |
| Subject: | [pgAdmin4] To make session cookie more secure (Server mode) |
| Date: | 2018-05-09 07:33:53 |
| Message-ID: | CAKKotZRrRNhZNi1O-MjG2QkfiD+gjkZ_3cBE+bRXp+JqcrsAdA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgadmin-hackers |
Hi,
PFA minor patch to make to make session cookie more secure in Server mode.
We will set SESSION_COOKIE_SAMESITE
<http://flask.pocoo.org/docs/1.0/config/#SESSION_COOKIE_SAMESITE>='Lax' in
the config file.
'Lax' option prevents sending cookies with CSRF-prone requests from
external sites, such as submitting a form.
RM#3342
P
lease review.
--
Regards,
Murtuza Zabuawala
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
| Attachment | Content-Type | Size |
|---|---|---|
| RM_3342.diff | application/octet-stream | 383 bytes |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Akshay Joshi | 2018-05-09 07:38:07 | pgAdmin 4 commit: Fixed query tool keyboard issue where arrow keys were |
| Previous Message | Akshay Joshi | 2018-05-09 07:10:14 | Re: [pgAdmin4][Patch] Feature #3270 Add support for running regression tests against Firefox |