docs/modules/ROOT/pages/features/exploits/csrf.adoc
@@ -208,11 +208,6 @@ The user receives an email at https://email.example.org that includes a link to
208
208
If the user clicks on the link, they would rightfully expect to be authenticated to the social media site.
209
209
However, if the `SameSite` attribute is `Strict`, the cookie would not be sent and so the user would not be authenticated.
210
210
211
-
[NOTE]
212
-
====
213
-
We could improve the protection and usability of `SameSite` protection against CSRF attacks by implementing https://github.com/spring-projects/spring-security/issues/7537[gh-7537].
214
-
====
215
-
216
211
Another obvious consideration is that, in order for the `SameSite` attribute to protect users, the browser must support the `SameSite` attribute.
217
212
Most modern browsers do https://developer.mozilla.org/en-US/docs/Web/HTTP/headers/Set-Cookie#Browser_compatibility[support the SameSite attribute].
218
213
However, older browsers that are still in use may not.
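Review bot: removing the whole NOTE block (old lines 211-216) drops the section's only reference to gh-7537 without replacing it with anything. If that issue has been resolved, the paragraph ending at line 209 ("the cookie would not be sent and so the user would not be authenticated") is exactly where readers now need a sentence describing how the improved `SameSite` handling addresses the email-link case, otherwise the text goes straight from the usability problem to the browser-support caveat with no indication that a mitigation exists. If the issue is still open, the note should stay, perhaps reworded to describe the planned improvement rather than just linking the issue. Either way, the removal is structurally clean: the deleted span includes its own trailing blank line (old line 216), so old line 210 still provides the single blank line that separates the paragraph from "Another obvious consideration".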