Web Security Ben Stock


Quiz 6 Answers + Mistake for XSSI and SameSite cookies

Written: 14.12.2020 11:15 Written By: Marius Steffens

I have just uploaded the answers to the quiz slides in the Materials.

Also be aware that there was a mistake on my part when discussing SameSite cookies and XSSI protection. Including a script into the page counts as a subresource request, which means for SameSite=Lax that cookies will not be sent along. This means that it is in fact protecting the application against XSSI.

Naturally, all the points raised before, e.g., older browsers not supporting SameSite cookies or setting SameSite=None, remain problematic.

Sorry for the confusion!
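
The correction above, as an added example that is not part of the original announcement or the course materials: a simplified model of a browser's decision to attach a cookie to a request, covering the cross-site script inclusion used for XSSI as well as the older-browser and SameSite=None caveats. All names and the `browser` flags are assumptions made for illustration, and the scenarios are constructed.

```javascript
// Simplified SameSite model (added example; all names are illustrative).
// cookie:  { sameSite: "Strict" | "Lax" | "None" | undefined }
// request: { crossSite, topLevelNavigation, method }
// browser: { supportsSameSite, laxByDefault }
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

function cookieIsSent(cookie, request, browser) {
  // Same-site requests always carry the cookie.
  if (!request.crossSite) return true;
  // Browsers without SameSite support ignore the attribute entirely.
  if (!browser.supportsSameSite) return true;
  // A missing attribute falls back to the browser's default.
  const mode = cookie.sameSite ?? (browser.laxByDefault ? "Lax" : "None");
  switch (mode) {
    case "Strict":
      return false;
    case "Lax":
      // Only top-level navigations with a safe method keep the cookie;
      // subresource loads such as <script src> do not.
      return request.topLevelNavigation &&
             SAFE_METHODS.has(request.method.toUpperCase());
    case "None":
      return true;
    default:
      throw new Error(`unknown SameSite mode: ${mode}`);
  }
}

// Constructed cross-site scenarios.
const scriptInclude = { crossSite: true, topLevelNavigation: false, method: "GET" };
const linkClick     = { crossSite: true, topLevelNavigation: true,  method: "GET" };
const formPost      = { crossSite: true, topLevelNavigation: true,  method: "POST" };
const modern = { supportsSameSite: true,  laxByDefault: true };
const legacy = { supportsSameSite: false, laxByDefault: false };

// XSSI needs the session cookie on a cross-site script include.
function xssiExposed(cookie, browser) {
  return cookieIsSent(cookie, scriptInclude, browser);
}

for (const sameSite of ["Strict", "Lax", "None", undefined]) {
  console.log(`SameSite=${sameSite}`,
    "modern:", xssiExposed({ sameSite }, modern),
    "legacy:", xssiExposed({ sameSite }, legacy));
}
```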

