Configure SameSite value in cookie

The SameSite attribute on a cookie tells the web browser whether the cookie should be included with cross-site requests, which helps mitigate Cross-Site Request Forgery (CSRF) attacks. The attribute has three possible values:

  • Strict: The cookie is only sent in a first-party context, blocking its inclusion in cross-site requests from third-party websites.

  • Lax: The cookie can be sent with cross-site GET requests triggered by top-level navigation from third-party websites, such as when a user clicks a link on an external site.

  • None: The cookie is explicitly configured to be sent by the browser in all contexts, including cross-site requests.

By default, the SameSite value is set to "lax".
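
The browser-side decision the three values produce, written out as an added example (this is not code from the Kloudfuse documentation or from oauth2-proxy). It parses a Set-Cookie header and applies the SameSite rules from RFC 6265bis to a few request shapes that matter for CSRF; the Set-Cookie headers and the cookie name `_oauth2_proxy` are constructed for the example, and treating a missing attribute as Lax is an assumption about the client.

```python
"""Model of how a browser applies a cookie's SameSite attribute.

Added example: the Set-Cookie headers below are constructed, not captured from oauth2-proxy.
"""
from dataclasses import dataclass

# Methods RFC 6265bis treats as "safe" for the SameSite=Lax top-level navigation exception.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}


@dataclass
class Cookie:
    name: str
    value: str
    samesite: str   # "strict", "lax" or "none"
    secure: bool


def parse_set_cookie(header: str) -> Cookie:
    """Extract the name, value, SameSite and Secure parts of a Set-Cookie header."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    samesite = "lax"   # assumption: a missing attribute is treated as Lax, as current browsers do
    secure = False
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key = key.strip().lower()
        if key == "samesite":
            samesite = val.strip().lower()
        elif key == "secure":
            secure = True
    if samesite not in ("strict", "lax", "none"):
        raise ValueError(f"unsupported SameSite value: {samesite!r}")
    return Cookie(name.strip(), value.strip(), samesite, secure)


def browser_sends_cookie(cookie: Cookie, cross_site: bool, method: str,
                         top_level_navigation: bool) -> bool:
    """Return True if a browser would attach `cookie` to the described request.

    cross_site: the request was initiated from a site other than the cookie's own.
    method: HTTP method of the request.
    top_level_navigation: the request replaces the top-level document (link click,
        form submit), as opposed to a subresource load or fetch()/XHR.
    """
    if cookie.samesite == "none" and not cookie.secure:
        # Chromium-based browsers reject SameSite=None without Secure: the cookie is never stored.
        return False
    if not cross_site:
        return True                      # same-site requests always carry the cookie
    if cookie.samesite == "none":
        return True                      # sent in every context
    if cookie.samesite == "lax":
        # Only safe-method top-level navigations. This ignores Chromium's temporary
        # "Lax+POST" allowance for cookies younger than two minutes.
        return top_level_navigation and method.upper() in SAFE_METHODS
    return False                         # strict: never on a cross-site request


# Request shapes a CSRF defender cares about.
SCENARIOS = {
    "same_site_post":        dict(cross_site=False, method="POST", top_level_navigation=True),
    "cross_site_link_click": dict(cross_site=True,  method="GET",  top_level_navigation=True),
    "cross_site_form_post":  dict(cross_site=True,  method="POST", top_level_navigation=True),
    "cross_site_fetch":      dict(cross_site=True,  method="GET",  top_level_navigation=False),
}


def evaluate(header: str) -> dict:
    """Map each scenario name to whether the cookie from `header` would be sent."""
    cookie = parse_set_cookie(header)
    return {name: browser_sends_cookie(cookie, **req) for name, req in SCENARIOS.items()}


if __name__ == "__main__":
    # Constructed headers; "_oauth2_proxy" stands in for whatever cookie name the proxy uses.
    for header in [
        "_oauth2_proxy=abc; Path=/; Secure; HttpOnly; SameSite=Strict",
        "_oauth2_proxy=abc; Path=/; Secure; HttpOnly; SameSite=Lax",
        "_oauth2_proxy=abc; Path=/; Secure; HttpOnly; SameSite=None",
        "_oauth2_proxy=abc; Path=/; HttpOnly; SameSite=None",
    ]:
        print(header)
        for scenario, sent in evaluate(header).items():
            print(f"  {scenario:<24} {'sent' if sent else 'withheld'}")
```

Running the script prints, for each constructed header, which of the four request shapes would carry the session cookie. The cross-site form POST row is the one CSRF hinges on: only "none" lets it through, and "none" without Secure leaves the user with no session cookie at all.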

To change its value, set cookie-samesite under the oauth2-proxy extraArgs in custom-values.yaml, like this:

kfuse-auth:
  oauth2-proxy:
    extraArgs:
      cookie-samesite: "strict"

