GitBook: [#3306] No subject

CPol 2022-07-03 21:02:28 +00:00 committed by gitbook-bot
parent d0fa6ab7e2
commit b1dfcc0701
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF


@ -157,7 +157,8 @@ This will indicate the browser if the **cookie** can be sent **from other domain
Table from [here](https://www.netsparker.com/blog/web-security/same-site-cookie-attribute-prevent-cross-site-request-forgery/)\
A cookie with _**SameSite**_ attribute will **mitigate CSRF attacks** where a logged session is needed.
**Notice that from Chrome80 (feb/2019) the default behaviour of a cookie without a cookie samesite** **attribute will be lax** ([https://www.troyhunt.com/promiscuous-cookies-and-their-impending-death-via-the-samesite-policy/](https://www.troyhunt.com/promiscuous-cookies-and-their-impending-death-via-the-samesite-policy/)). Notice that temporary, after applying this change, the **cookies without a SameSite** **policy** in Chrome will be **treated as None during the first 2 minutes and then as Lax**.
**Notice that from Chrome80 (feb/2019) the default behaviour of a cookie without a cookie samesite** **attribute will be lax** ([https://www.troyhunt.com/promiscuous-cookies-and-their-impending-death-via-the-samesite-policy/](https://www.troyhunt.com/promiscuous-cookies-and-their-impending-death-via-the-samesite-policy/)).\
Notice that temporary, after applying this change, the **cookies without a SameSite** **policy** in Chrome will be **treated as None** during the **first 2 minutes and then as Lax for top-level cross-site POST request.**
## Cookies Flags
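Review bot: In the new line beginning "Notice that temporary", the trailing qualifier "for top-level cross-site POST request" attaches to "then as Lax", so a reader cannot tell whether the 2-minute None window or the later Lax treatment is the part limited to top-level cross-site POST requests. Suggest restructuring the sentence so the scope is explicit: say first which requests the 2-minute exception covers, then that the cookie is treated as Lax afterwards. Smaller points in the same lines: "temporary" should be "temporarily", "request" should be plural, "a cookie without a cookie samesite attribute" repeats "cookie", and the "(feb/2019)" date for Chrome80 is worth checking against the linked troyhunt.com post before it is carried forward.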