-
Notifications
You must be signed in to change notification settings - Fork 53
TWA 0803
Ulrich Berntien edited this page Sep 8, 2020
·
2 revisions
cookie '${cookie_name}' has SameSite set to 'lax'
In the message output the variable ${cookie_name} is replaced by the name of the cookie.
A cookie was found in the HTTP response that has SameSite attribute with value lax.
The SameSite attribute defines in which HTTP requests the cookie should be sent from the web browser to the server.
A restriction to a first-party context (value Strict) reduces the receiver of the cookie.
A cookie with Lax setting will be sent in a third-party context also.
Set the value of the SameSite attribute to Strict in your web application, if the web application can work with this setting.
Use the lax setting only if your web application needs the cookie in a third-party context.