Remove outdated note

Closes gh-15263
Marcus Hert Da Coregio 2024-06-17 08:12:54 -03:00
parent 982ee7dc17
commit 8fd9997a47
1 changed files with 0 additions and 5 deletions

@ -208,11 +208,6 @@ The user receives an email at https://email.example.org that includes a link to
If the user clicks on the link, they would rightfully expect to be authenticated to the social media site.
However, if the `SameSite` attribute is `Strict`, the cookie would not be sent and so the user would not be authenticated.
[NOTE]
====
We could improve the protection and usability of `SameSite` protection against CSRF attacks by implementing https://github.com/spring-projects/spring-security/issues/7537[gh-7537].
====
Another obvious consideration is that, in order for the `SameSite` attribute to protect users, the browser must support the `SameSite` attribute.
Most modern browsers do https://developer.mozilla.org/en-US/docs/Web/HTTP/headers/Set-Cookie#Browser_compatibility[support the SameSite attribute].
However, older browsers that are still in use may not.
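Review bot: The stat line counts 5 deletions, but the `[NOTE]` block after "the user would not be authenticated." is only 4 lines, so the fifth deleted line is presumably a blank separator. Please confirm that exactly one blank line still separates that sentence from "Another obvious consideration is that, ..." so AsciiDoc keeps them as two paragraphs instead of merging them. Separately, the commit message calls the note outdated without saying why; since the removed text pointed readers at gh-7537 as a possible improvement to `SameSite` protection, one line in the message on the current state of that issue would let a reader of the history judge whether the `Strict` usability problem described just above is still open or has been addressed elsewhere in the docs.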