From 6ad89303b03f007136c9d606477c33161000f88e Mon Sep 17 00:00:00 2001 From: Ilya Kantor Date: Thu, 13 May 2021 17:53:55 +0300 Subject: [PATCH] minor fixes --- 6-data-storage/01-cookie/article.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/6-data-storage/01-cookie/article.md b/6-data-storage/01-cookie/article.md index 9fc5f695..ac2fda06 100644 --- a/6-data-storage/01-cookie/article.md +++ b/6-data-storage/01-cookie/article.md @@ -247,8 +247,11 @@ But anything more complicated, like a network request from another site or a for If that's fine for you, then adding `samesite=lax` will probably not break the user experience and add protection. -Overall, `samesite` is a great option, but it has an important drawback: -- `samesite` is ignored (not supported) by old browsers, year 2017 or so. +Overall, `samesite` is a great option. + +There's a drawback: + +- `samesite` is ignored (not supported) by very old browsers, year 2017 or so. **So if we solely rely on `samesite` to provide protection, then old browsers will be vulnerable.**
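Review bot: the reworded bullet now says "very old browsers, year 2017 or so", but the unchanged bold sentence right after it still says "then old browsers will be vulnerable", so the two lines disagree on how old the affected browsers are. Use the same wording in both. The phrase "year 2017 or so" is also ambiguous on its own: it could mean browsers released around 2017 or browsers not updated since then, and the bullet should say which. Since the bold line warns against relying solely on `samesite`, the split into "There's a drawback:" followed by a one-item list is a good place to keep that warning directly attached to the bullet, with no paragraph inserted between them later. The subject "minor fixes" would be easier to find in history if it named the samesite drawback paragraph.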