Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
CRITICAL SECURITY VERSION UPDATE:
https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.13
https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.13
sameSite cookie attribute
My Firefox has started complaining about the sameSite attribute:
"Cookie “fuel_session” will be soon rejected because it has the “sameSite” attribute set to “none” or an invalid value, without the “secure” attribute. To learn more about the “sameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite"
I guess we need to start adding SameSite=Lax? We can do that ourselves for now but I guess it needs adding to the main build too?
Comments
Good to know. Wonder if this is something CI will fix too: This may help too:
https://stackoverflow.com/questions/60634341/codeigniter-3-samesite-attribute-for-csrf-protection