Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
5 most recent check-ins related to "csrf-defense-enhancement"
2023-09-18
| ||
20:43 | Merge the CSRF-defense enhancements into trunk. ... (check-in: 920ace17 user: drh tags: trunk) | |
17:13 | Omit the SameSite=strict specifier for the login cookie, since that prevents users from clicking a hyperlink on an email notification and then going directly to the relevant page and getting logged in. ... (Closed-Leaf check-in: fc5b49e9 user: drh tags: csrf-defense-enhancement) | |
15:36 | Set the "SameSite=strict" value on cookies (used for authentication) as a further defense-in-depth against CSRF attacks. ... (check-in: bc643c32 user: drh tags: csrf-defense-enhancement) | |
15:24 | Fix forum-post approval buttons so that they send the CSRF token. ... (check-in: bf9974cf user: drh tags: csrf-defense-enhancement) | |
15:10 | More intensive use of the Synchronizer Token Pattern for CSRF defense. ... (check-in: 0a66be2b user: drh tags: csrf-defense-enhancement) | |