BIN: Adds SameSite check in analyse-headers script

The script will now warn you if the SameSite option is not set to Strict on cookies.
4 years ago · fb5d25dc6c
parent c384064641
commit fb5d25dc6c
1 changed files with 7 additions and 0 deletions
--- a/bin/.bin/webtest/analyse-headers
+++ b/bin/.bin/webtest/analyse-headers
@ -248,6 +248,13 @@ methods like XSS, they may be able to steal the contents of cookies\n\n"
 sent over unencrypted channels\n\n"
 		ret=$((ret>1 ? ret : 1))
 	fi
+
+	if ! echo "$value" | grep -q "SameSite=Strict"; then
+		output+="SameSite controls whether a cookie is sent with cross-origin requests, \
+providing some protection against cross-site request forgery attacks.
+Strict means the browser sends the cookie only for same-site requests\n\n"
+		ret=$((ret>1 ? ret : 1))
+	fi
 	
 	if [ "$ret" -gt 0 ]; then
 		echo "Set-Cookie: $cookieName" | drawInBox