utilities-procs-aolserver.tcl

  • last updated 6 hours ago
improve spelling

  1. … 14 more files in changeset.
- ad_set_cookie: add option "-samesite" and use it, when the server supports it (NaviServer 4.99.18)

- use "-samesite strict" per default on signed cookies

Background from NaviServer commit:

ns_setcookie: add flag "-samesite" with values "strict|lax|none"

When the flag is set, it prevents the browser from sending this cookie along with cross-site requests to mitigate cross site scripting attacks. Permissible values are [term strict], [term lax], or [term none] (default). While the value [term strict] prevents sending the cookie to the target site in all cross-site browsing contexts, the value of [term lax] allows sending the cookie when the user clicks on regular links. For details, see https://www.owasp.org/index.php/SameSite

This cookie flag is not yet part of an RFC, but most major browsers support it. Browsers that do not support it ignore the flag silently (see https://caniuse.com/#search=samesite).

Although most cookies should probably use the flags, in order to provide backward compatibility, the flag can't be activated by default on all cookies.

  1. … 2 more files in changeset.
whitespace changes, added editor hints

  1. … 1 more file in changeset.
add partial backward compatibility for ns_getcontent for AOLserver

make spelling of names more consistent

  1. … 5 more files in changeset.
improve documentation

  1. … 10 more files in changeset.
factor out more server specific code

  1. … 1 more file in changeset.
factor out naviserver and aolserver specific code

    • -0
    • +283
    ./utilities-procs-aolserver.tcl
  1. … 2 more files in changeset.