readthedocs.org
4a8f937d - Set session cookie `SameSite` attribute to `Lax` for main site (#11721)

Commit
1 year ago
Set session cookie `SameSite` attribute to `Lax` for main site (#11721) We are now injecting ads via addons, which doesn't make use of the sustainability endpoint. That endpoint was used to check if the user was a Gold member, and not show ads to them. The usage of the sustainability API was he only reason to set the `SameSite` attribute to `None`. Using Lax is more secure, as browser will never send the cookie in a cross-site request.
Author
Parents
Loading