[pve-devel] applied: [PATCH http-server] fix external linking when cookie was acquired via HTML formatter
Thomas Lamprecht
t.lamprecht at proxmox.com
Tue Oct 15 15:31:32 CEST 2024
On 14/10/2024 at 14:13, Dominik Csapak wrote:
> currently we set the SameSite attribute to `Strict` which prevents
> linking from external sites with the cookies set.
> (For a detailed explanation of this see [0])
>
> so with the same rationale as in [0], set the cookie SameSite attribute
> to 'Lax', which behaves very similarly to 'Strict' but allows linking
> from external resources[1].
>
> 0: https://lore.proxmox.com/pve-devel/20241007150251.3295598-1-d.csapak@proxmox.com/
> 1: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#SameSite_attribute
>
> Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
> ---
> this is intended as a follow-up to [0], but can be applied independently
> since most users will not use the HTML formatter normally.
> (Since it's mostly intended for debugging/developing)
>
> src/PVE/APIServer/Formatter.pm | 2 +-
> src/PVE/APIServer/Formatter/Bootstrap.pm | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
>
applied, thanks!
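
An added example (not part of the patch or the Proxmox code base): a simplified JavaScript model of when a browser attaches a cookie under each SameSite value, showing what the change from `Strict` to `Lax` described in the commit message alters. The function names, request fields and sample sites are assumptions made for illustration.

```javascript
// Added illustration, not Proxmox code: a simplified model of the browser's
// SameSite check. Real browsers derive "site" from scheme + registrable
// domain; here it is an opaque string supplied by the caller (assumption).
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// Returns true if a cookie with the given SameSite value is attached.
function cookieIsSent(sameSite, req) {
  if (req.initiatorSite === req.targetSite) return true; // same-site: always
  switch (sameSite) {
    case "Strict":
      return false; // never on cross-site requests, including link clicks
    case "Lax":
      // only top-level navigations that use a safe HTTP method
      return req.topLevelNavigation && SAFE_METHODS.has(req.method.toUpperCase());
    case "None":
      return true; // sent everywhere (browsers require Secure alongside it)
    default:
      throw new Error(`unknown SameSite value: ${sameSite}`);
  }
}

// Constructed sample requests; both hostnames are placeholders.
const API = "https://pve.example";
const EXTERNAL = "https://wiki.example";
const SAMPLES = {
  externalLinkClick: { initiatorSite: EXTERNAL, targetSite: API, method: "GET", topLevelNavigation: true },
  crossSiteFormPost: { initiatorSite: EXTERNAL, targetSite: API, method: "POST", topLevelNavigation: true },
  crossSiteSubresource: { initiatorSite: EXTERNAL, targetSite: API, method: "GET", topLevelNavigation: false },
  sameSitePost: { initiatorSite: API, targetSite: API, method: "POST", topLevelNavigation: false },
};

// Maps each sample to whether the cookie is sent under Strict and under Lax.
function compareStrictAndLax(samples = SAMPLES) {
  const result = {};
  for (const [name, req] of Object.entries(samples)) {
    result[name] = { Strict: cookieIsSent("Strict", req), Lax: cookieIsSent("Lax", req) };
  }
  return result;
}

console.table(compareStrictAndLax());
```

Only the external link click differs between the two columns. Cross-site POSTs and subresource requests still go out without the cookie under `Lax`, so the setting protects as long as state-changing endpoints do not accept GET.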