For security reasons I suggest these cookies JSESSIONID, CSRF_TOKEN, NextURL be set to SameSite in Resilient.

  • Guest
  • Oct 19 2020
  • Future consideration
  • Guest commented
    20 Jan 07:50pm

    Thank you for the insight.

  • Admin
    MARTIN FEENEY commented
    20 Jan 09:49am

    We have no current plans to address this request so I'd proceed with your risk acceptance based on this for now.

  • Guest commented
    19 Jan 04:12pm

    Our internal testing teams continue to find that the NextURL cookie does not have the SameSite attribute set. Validation failed.

    If this consideration will not be put in place, please advise, as we will need to mark this as a risk acceptance based on vendor configuration.

  • Admin
    MARTIN FEENEY commented
    23 Nov, 2020 05:20pm

    FYI, we have built-in CSRF protection already, just to put the SameSite protection into context.
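
The SameSite validation discussed in this thread can be reproduced with a small audit of `Set-Cookie` response headers. This is an added example, not part of the original thread or the vendor's code; the function names and the sample header values are constructed for illustration, and the check for `SameSite=None` without `Secure` reflects current browser behaviour rather than anything stated in the thread.

```python
# Added example: audit Set-Cookie headers for the SameSite attribute.
# The header values below are constructed samples, not captured from Resilient.
TARGET_COOKIES = {"JSESSIONID", "CSRF_TOKEN", "NextURL"}
VALID_SAMESITE = {"strict", "lax", "none"}


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, {lowercased attribute: value})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def audit_samesite(set_cookie_headers, targets=TARGET_COOKIES):
    """Return {cookie name: finding} for every target cookie."""
    findings = {name: "cookie not set in this response" for name in targets}
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        if name not in targets:
            continue
        samesite = attrs.get("samesite")
        if samesite is None:
            findings[name] = "FAIL: SameSite attribute missing"
        elif samesite.lower() not in VALID_SAMESITE:
            findings[name] = f"FAIL: unrecognised SameSite value {samesite!r}"
        elif samesite.lower() == "none" and "secure" not in attrs:
            # Browsers reject SameSite=None cookies that lack Secure.
            findings[name] = "FAIL: SameSite=None without Secure"
        else:
            findings[name] = f"PASS: SameSite={samesite}"
    return findings


# Constructed sample response headers.
SAMPLE_HEADERS = [
    "JSESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Strict",
    "CSRF_TOKEN=def456; Path=/; Secure; samesite=none",
    "NextURL=%2Fhome; Path=/; Secure",
]

if __name__ == "__main__":
    for cookie, finding in sorted(audit_samesite(SAMPLE_HEADERS).items()):
        print(f"{cookie}: {finding}")
```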