Vulnerability mitigation

2021-05-28 17:02:01 -04:00
parent 9043ccb0e2
commit 0a39b60eee
17 changed files with 95 additions and 27 deletions
--- a/src/Misc/Csrf.php
+++ b/src/Misc/Csrf.php
@@ -21,7 +21,7 @@ class Csrf
                    'expires' => $token->expiry,
                    'secure' => true,
                    'httponly' => true,
-                    'samesite' => 'None',
+                    'samesite' => 'Strict',
                ]);

 		return $_SESSION['csrftokens'][$page] = $token;