{"id":27883,"date":"2017-08-29T11:07:18","date_gmt":"2017-08-29T09:07:18","guid":{"rendered":"https:\/\/mamchenkov.net\/wordpress\/?p=27883"},"modified":"2017-08-29T22:33:24","modified_gmt":"2017-08-29T20:33:24","slug":"the-end-of-csrf","status":"publish","type":"post","link":"https:\/\/mamchenkov.net\/wordpress\/2017\/08\/29\/the-end-of-csrf\/","title":{"rendered":"The end of CSRF?"},"content":{"rendered":"\n

The end of CSRF?<\/a>” blog post talks about the new feature coming to browsers – SameSite<\/a> cookie enforcement, which will help in getting rid of Cross-Site Request Forgery<\/a> (CSRF) attacks. \u00a0Too bad this is currently only supported by Google Chrome (both desktop and mobile), and Opera. \u00a0But I’m sure it’s coming soon to the rest of the browsers.<\/p>\n

Update<\/strong>: \u00a0It looks like the above blog post is almost a copy of this blog post<\/a>, which has a number of useful comments. \u00a0Including this one<\/a>, which links to a variety of projects and programming languages bug trackers requesting the support of the SameSite cookie feature. \u00a0Also, it looks like SameSite cookie is superseded by the Cookie Prefix<\/a> solution, proposed by Google.<\/p>\n\n","protected":false},"excerpt":{"rendered":"\n

“The end of CSRF?” blog post talks about the new feature coming to browsers – SameSite cookie enforcement, which will help in getting rid of Cross-Site Request Forgery (CSRF) attacks. \u00a0Too bad this is currently only supported by Google Chrome (both desktop and mobile), and Opera. \u00a0But I’m sure it’s coming soon to the rest … Continue reading The end of CSRF?<\/span><\/a><\/p>\n\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"The end of CSRF? #WebDev #security #browsers","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false,"_links_to":"","_links_to_target":""},"categories":[1,18,62,1334],"tags":[20,200,1330],"keyring_services":[],"class_list":["post-27883","post","type-post","status-publish","format-standard","hentry","category-general","category-programming","category-technology","category-web-work","tag-browsers","tag-security","tag-web-development"],"aioseo_notices":[],"aioseo_head":"\n\t\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t