This issue was originally created by @reivilibre at matrix-org/matrix-authentication-service#2877.
I was just looking at the code for the CSRF token cookie and suspect it could be improved.
https://github.com/matrix-org/matrix-authentication-service/blob/7c67630c951ecf2fc8e19a8184ca51ba2476a03c/crates/axum-utils/src/csrf.rs#L134
__Host-
to prevent, in modern browsers that support this, some classes of cookie fixation attacks.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
I think localhost is considered 'Secure' so this shouldn't affect local development much, but there is a minor possibility this would need to be configurable.
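An added example, not part of the issue and not code from matrix-authentication-service: a small Rust check of the conditions a browser applies before it accepts a cookie whose name carries the `__Host-` prefix. The cookie name `__Host-csrf`, the function and type names, and the sample headers are constructed for illustration.

```rust
/// One `__Host-` requirement that a Set-Cookie value fails to meet.
#[derive(Debug, PartialEq)]
pub enum Violation {
    InsecureOrigin, // response was not delivered from a secure origin
    MissingSecure,  // no Secure attribute
    DomainPresent,  // a Domain attribute is present
    PathNotRoot,    // Path is missing or is not exactly "/"
}

/// Check a Set-Cookie header value against the `__Host-` prefix rules.
/// Returns None when the cookie name does not carry the prefix.
/// Stricter than a browser in one respect: any Domain attribute is flagged.
pub fn check_host_prefix(set_cookie: &str, secure_origin: bool) -> Option<Vec<Violation>> {
    let mut parts = set_cookie.split(';');
    let name = parts.next()?.split('=').next()?.trim();
    // Browsers following RFC 6265bis compare the prefix case-insensitively.
    if !name.to_ascii_lowercase().starts_with("__host-") {
        return None;
    }
    let (mut secure, mut domain, mut path_root) = (false, false, false);
    for attr in parts {
        let mut kv = attr.splitn(2, '=');
        let key = kv.next().unwrap_or("").trim().to_ascii_lowercase();
        let val = kv.next().unwrap_or("").trim();
        match key.as_str() {
            "secure" => secure = true,
            "domain" => domain = true,
            "path" => path_root = val == "/",
            _ => {}
        }
    }
    let mut found = Vec::new();
    if !secure_origin { found.push(Violation::InsecureOrigin); }
    if !secure { found.push(Violation::MissingSecure); }
    if domain { found.push(Violation::DomainPresent); }
    if !path_root { found.push(Violation::PathNotRoot); }
    Some(found)
}

fn main() {
    // Constructed sample headers.
    let samples = [
        "__Host-csrf=abc; Path=/; Secure; HttpOnly; SameSite=Strict",
        "__Host-csrf=abc; Path=/; Secure; Domain=example.com",
        "__Host-csrf=abc; Path=/app",
        "csrf=abc; Path=/",
    ];
    for s in samples.iter() {
        println!("{} -> {:?}", s, check_host_prefix(s, true));
    }
}
```

A cookie that reports any violation here would be rejected by a browser that enforces the prefix, so a check like this fits a unit test around the code that builds the CSRF cookie.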