utilities-procs-naviserver.tcl

  • last updated 9 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
improve spelling

  1. … 14 more files in changeset.
- ad_set_cookie: add option "-samesite" and use it, when the server supports it (NaviServer 4.99.18)

- use "-samesite strict" per default on signed cookies

Background from NaviServer commit:

ns_setcookie: add flag "-samesite" with values "strict|lax|none"

When the flag is set it prevents the browser from

sending this cookie along with cross-site requests to mitigate cross site

scripting attacks. Permissible values are [term strict], [term lax],

or [term none] (default). While the value [term strict] prevents

sending the cookie to the target site in all cross-site browsing

context, the value of [term lax] allows sending the cookie when the

user clicks on regular links. For details, see

https://www.owasp.org/index.php/SameSite

This cookie flag is not yet part of an RFC, but most major browsers

support it. Browsers that do not support it, ignore the flag

silently (see https://caniuse.com/#search=samesite).

Although most cookies should probably use the flags, in order to

provide backward compatibility, the flag can't be activated by

default on all cookies.

  1. … 2 more files in changeset.
don't raise exception when folder_path is empty

  1. … 1 more file in changeset.
make spelling of names more consistent

  1. … 5 more files in changeset.
improve documentation

    • -11
    • +10
    ./utilities-procs-naviserver.tcl
  1. … 10 more files in changeset.
factor out naviserver and aolserver specific code

    • -0
    • +191
    ./utilities-procs-naviserver.tcl
  1. … 2 more files in changeset.