News
Quiz 6 Answers + Mistake for XSSI and SameSite cookies
Written on 14.12.2020 11:15 by Marius Steffens
I have just uploaded the answers to the quiz slides in the Materials.
Also be aware that there was a mistake on my part when discussing SameSite cookies and XSSI protection. Including a script into the page counts as a subresource request, which means for SameSite=Lax that cookies will not be sent along. This means that it is in fact protecting the application against XSSI.
Naturally, all the points raised before, e.g., older browsers not supporting SameSite cookies or setting SameSite=None remain problematic.
Sorry for the confusion!
Cheers,
Marius