Troy Hunt: Promiscuous Cookies and Their Impending Death via the SameSite Policy

Yet another potentially breaking change on the web. This time round it involves cookie handling (in the upcoming Chrome 80). The objective is to close off a class of attacks known as CSRF (cross-site request forgery). Expect other browsers to follow suit.

… any websites you’re responsible for that are passing cookies around cross domain by POST request and don’t already have a SameSite policy are going to start misbehaving pretty quickly

Source: Troy Hunt: Promiscuous Cookies and Their Impending Death via the SameSite Policy
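
An added example, not taken from this post or from Troy Hunt's article: a simplified JavaScript model of the browser's decision to attach a cookie, comparing the old behaviour with the Lax-by-default behaviour for the cross-site POST case quoted above. The function names, the request shape and the sample `Set-Cookie` headers are constructed for illustration.

```javascript
// Simplified model, not browser source code. It ignores Chrome's temporary
// exception for recently set cookies on top-level cross-site POSTs.

// Extract the attributes that matter here from a Set-Cookie header value.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map(s => s.trim());
  const cookie = { name: pair.split('=')[0], sameSite: null, secure: false };
  for (const attr of attrs) {
    const [key, value = ''] = attr.split('=').map(s => s.trim());
    if (key.toLowerCase() === 'samesite') cookie.sameSite = value.toLowerCase();
    if (key.toLowerCase() === 'secure') cookie.secure = true;
  }
  return cookie;
}

// request: { crossSite, method, topLevelNavigation } (hypothetical shape).
// laxByDefault = true models the new behaviour, false the old one.
function isCookieSent(header, request, laxByDefault) {
  const cookie = parseSetCookie(header);
  let policy = cookie.sameSite;
  if (!['strict', 'lax', 'none'].includes(policy)) {
    // No attribute (this model treats unrecognised values the same way).
    policy = laxByDefault ? 'lax' : 'none';
  } else if (policy === 'none' && laxByDefault && !cookie.secure) {
    return false; // SameSite=None without Secure is rejected when set
  }
  if (!request.crossSite || policy === 'none') return true;
  if (policy === 'strict') return false;
  // Lax: only top-level navigations using a safe method carry the cookie.
  const safe = ['GET', 'HEAD', 'OPTIONS', 'TRACE'];
  return request.topLevelNavigation && safe.includes(request.method);
}

// Constructed scenario: a form on another site POSTs to the cookie's site.
const CROSS_SITE_POST = { crossSite: true, method: 'POST', topLevelNavigation: true };
const SAMPLE_HEADERS = [ // constructed sample values
  'session=abc123; Path=/; HttpOnly',
  'session=abc123; Path=/; HttpOnly; SameSite=None; Secure',
  'session=abc123; Path=/; HttpOnly; SameSite=None',
  'session=abc123; Path=/; HttpOnly; SameSite=Lax',
];
function compare(headers, request) {
  return headers.map(h => ({
    header: h,
    before: isCookieSent(h, request, false),
    after: isCookieSent(h, request, true),
  }));
}
console.table(compare(SAMPLE_HEADERS, CROSS_SITE_POST));
```

Only the header carrying both `SameSite=None` and `Secure` is still sent on the cross-site POST once the default changes.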