Re: [pgAdmin4] To make session cookie more secure (Server mode) - Mailing list pgadmin-hackers

From Dave Page
Subject Re: [pgAdmin4] To make session cookie more secure (Server mode)
Date
Msg-id CA+OCxoy49i8JJpbg253XJm7_JsmBpXOGTvyomYDkgHRrb_v=yQ@mail.gmail.com
In response to [pgAdmin4] To make session cookie more secure (Server mode)  (Murtuza Zabuawala <murtuza.zabuawala@enterprisedb.com>)
List pgadmin-hackers
Thanks, patch applied.

On Wed, May 9, 2018 at 8:33 AM, Murtuza Zabuawala <murtuza.zabuawala@enterprisedb.com> wrote:
Hi,

PFA minor patch to make session cookie more secure in Server mode.
We will set SESSION_COOKIE_SAMESITE='Lax' in the config file. 
'Lax' option prevents sending cookies with CSRF-prone requests from external sites, such as submitting a form.
RM#3342

Please review.

--
Regards,
Murtuza Zabuawala
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company




--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
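
The effect of the 'Lax' setting described in the quoted message, as an added example that is not part of the thread or of pgAdmin's code: a simplified model of the browser's SameSite rule applied to constructed Set-Cookie headers. The cookie name and value, the scenario list, and the treatment of a missing attribute as legacy send-always behaviour are assumptions.

```python
# Added example: a simplified model of browser SameSite handling.
# Not pgAdmin or Flask code; cookie name/value and scenarios are constructed.

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}

def cookie_attrs(set_cookie):
    """Parse a Set-Cookie header value into (name, {attribute: value})."""
    first, *rest = [part.strip() for part in set_cookie.split(";")]
    attrs = {}
    for part in rest:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()
    return first.split("=", 1)[0], attrs

def browser_sends(samesite, method, cross_site, top_level_nav):
    """Would the browser attach the cookie to this request?"""
    mode = (samesite or "none").lower()  # assumption: absent = legacy send-always
    if not cross_site or mode == "none":
        return True
    if mode == "strict":
        return False
    # Lax: cross-site only for top-level navigations using a safe method.
    return top_level_nav and method.upper() in SAFE_METHODS

# Constructed requests: (label, method, cross_site, top_level_nav)
SCENARIOS = [
    ("same-site form POST", "POST", False, True),
    ("cross-site link click", "GET", True, True),
    ("cross-site form POST", "POST", True, True),
    ("cross-site image/iframe GET", "GET", True, False),
]

def evaluate(set_cookie):
    """Map each scenario label to whether the cookie would be sent."""
    _, attrs = cookie_attrs(set_cookie)
    mode = attrs.get("samesite")
    return {label: browser_sends(mode, m, x, nav) for label, m, x, nav in SCENARIOS}

# Constructed headers: before and after the change described above.
BEFORE = "session=constructed-value; Path=/; HttpOnly"
AFTER = "session=constructed-value; Path=/; HttpOnly; SameSite=Lax"

if __name__ == "__main__":
    for name, header in (("before", BEFORE), ("after", AFTER)):
        print(name, evaluate(header))
```

With 'Lax', the session cookie still accompanies a cross-site link click, so state-changing endpoints must not be reachable via GET.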
