minor fixes
parent 33f1b11dc2
commit 6ad89303b0
1 changed files with 5 additions and 2 deletions
|
@ -247,8 +247,11 @@ But anything more complicated, like a network request from another site or a for
|
|||
|
||||
If that's fine for you, then adding `samesite=lax` will probably not break the user experience and add protection.
|
||||
|
||||
Overall, `samesite` is a great option, but it has an important drawback:
|
||||
- `samesite` is ignored (not supported) by old browsers, year 2017 or so.
|
||||
Overall, `samesite` is a great option.
|
||||
|
||||
There's a drawback:
|
||||
|
||||
- `samesite` is ignored (not supported) by very old browsers, year 2017 or so.
|
||||
|
||||
**So if we solely rely on `samesite` to provide protection, then old browsers will be vulnerable.**
|
||||
|
||||
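Review bot: On the added bullet "`samesite` is ignored (not supported) by very old browsers, year 2017 or so.", the phrase "year 2017 or so" is still ambiguous. It does not say whether it means browsers released around 2017 or everything older than that, and the bold context line that follows relies on that boundary to tell readers which clients stay unprotected. If the intent is "released in 2017 or earlier", say so explicitly. The split also drops "important" from the lead-in (now "There's a drawback:"), which undersells a limitation the next paragraph emphasizes in bold; consider keeping the qualifier. Since the list has a single item, the bullet could also be folded into the sentence.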