BIN: Adds SameSite check in analyse-headers script
The script will now warn you if a cookie's SameSite attribute is not set to Strict.
This commit is contained in:
parent
c384064641
commit
fb5d25dc6c
1 changed files with 7 additions and 0 deletions
@ -248,6 +248,13 @@ methods like XSS, they may be able to steal the contents of cookies\n\n"
sent over unencrypted channels\n\n"
ret=$((ret>1 ? ret : 1))
fi
|
if ! echo "$value" | grep -q "SameSite=Strict"; then
output+="SameSite controls whether a cookie is sent with cross-origin requests, \
providing some protection against cross-site request forgery attacks.
Strict means the browser sends the cookie only for same-site requests\n\n"
ret=$((ret>1 ? ret : 1))
fi
|
if [ "$ret" -gt 0 ]; then
echo "Set-Cookie: $cookieName" | drawInBox
|
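Review bot: The new check `if ! echo "$value" | grep -q "SameSite=Strict"; then` is case-sensitive, but browsers match cookie attribute names and values case-insensitively, so a header carrying `samesite=strict` would be reported as missing the attribute; `if ! echo "$value" | grep -qi "SameSite=Strict"; then` avoids that false positive. The warning also cannot tell a cookie with no SameSite attribute at all from one explicitly set to `Lax`, which is the default most current browsers apply and is often the intended setting for a session cookie, so it may be worth reporting those two cases separately (or `Lax` at a lower severity) rather than with the same text. Given the Secure check just above, the script could additionally flag `SameSite=None` on a cookie without `Secure`, since browsers reject that combination. The enclosing function begins and ends outside this hunk.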