OpenShift Request For Enhancement: RFE-6485

RFE - SameSite cookie implementation for OpenShift console and oauth routes


    • Feature Request
    • Resolution: Unresolved
    • SDN
    • Improvement

      Proposed title of this feature request

      Customer is looking to set the route annotation router.openshift.io/cookie-same-site: Strict for the openshift-console and oauth routes, but it does not apply successfully.

       

      Why does the customer need this?

      SameSite is a cookie attribute (similar to HttpOnly, Secure, etc.) which aims to mitigate CSRF attacks. It is defined in RFC6265bis. This attribute helps the browser decide whether to send cookies along with cross-site requests. Possible values for this attribute are Lax, Strict, or None.

              mcurry@redhat.com Marc Curry
              rhn-support-rsahoo Ramesh Sahoo
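One way to check whether Set-Cookie headers actually carry the expected SameSite value, as an added example that is not part of the original issue or of OpenShift's code. The cookie names and header values are constructed sample data, and the function names are hypothetical.

```python
# Added example: audit Set-Cookie header values for the SameSite attribute.
# All cookie names and header values below are constructed sample data.
VALID_SAMESITE = {"strict", "lax", "none"}

SAMPLE_HEADERS = [
    "session-a=abc123; Path=/; HttpOnly; Secure; SameSite=Strict",
    "session-b=def456; Path=/; HttpOnly; Secure",
    "session-c=ghi789; Path=/; SameSite=None",
    "session-d=jkl012; Path=/; Secure; SameSite=Lax",
]


def parse_set_cookie(header_value):
    """Return (cookie name, attributes) with attribute names lowercased."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()
    return name, attrs


def audit_cookie(header_value, expected="Strict"):
    """Return (cookie name, list of findings); an empty list means it matches."""
    name, attrs = parse_set_cookie(header_value)
    samesite = attrs.get("samesite")
    findings = []
    if samesite is None:
        findings.append("SameSite missing")
    elif samesite.lower() not in VALID_SAMESITE:
        findings.append(f"SameSite has unknown value {samesite!r}")
    elif samesite.lower() != expected.lower():
        findings.append(f"SameSite={samesite}, expected {expected}")
    # RFC6265bis requires the Secure attribute whenever SameSite=None is used.
    if samesite is not None and samesite.lower() == "none" and "secure" not in attrs:
        findings.append("SameSite=None without Secure")
    return name, findings


def audit_all(headers, expected="Strict"):
    """Map each cookie name to its findings."""
    return dict(audit_cookie(h, expected) for h in headers)


if __name__ == "__main__":
    for cookie, problems in audit_all(SAMPLE_HEADERS).items():
        print(cookie, "OK" if not problems else "; ".join(problems))
```

Feed it the Set-Cookie values captured from the console and oauth routes to see whether the annotation took effect.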