Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
4 most recent check-ins related to "csrf-defense-enhancement"
|
2023-09-18
| ||
| 20:43 | Merge the CSRF-defense enhancements into trunk. check-in: 920ace1739 user: drh tags: trunk | |
| 17:13 | Omit the SameSite=strict specifier for the login cookie, since that prevents users from clicking a hyperlink on an email notification and then going directly to the relevant page and getting logged in. Closed-Leaf check-in: fc5b49e990 user: drh tags: csrf-defense-enhancement | |
| 15:36 | Set the "SameSite=strict" value on cookies (used for authentication) as a further defense-in-depth against CSRF attacks. check-in: bc643c32f8 user: drh tags: csrf-defense-enhancement | |
| 15:24 | Fix forum-post approval buttons so that they send the CSRF token. check-in: bf9974cf8d user: drh tags: csrf-defense-enhancement | |