I would like to secure my cookies using SameSite=strict. But is there a way to allow it to be accessed by a few domains alone?
Samesite cookie but allow specific domain
873 views. Asked by JC Raja.
There are 2 best solutions below
Heiko Theißen
Take a look at the upcoming First Party Sets proposal from Google. This allows certain domains to be treated as if requests between them were same-site.
Note, however, that this is still in an early stage, is for now Google-specific and requires you to register the domains in a public repository.
Whitelisting strict referral domains would be a fantastic enhancement to cookie mgmt, but AFAIK this doesn't exist.
I am evaluating my own solution to set cookies to LAX and then implementing my own whitelist that permits specific referrers; if the referring/redirecting website is not on the whitelist, to then delete all cookies and force user to the login page. This would momentarily list/present existing cookies, which could be captured, but would be useless because the page(s) that were redirected to would immediately delete the cookies because the referrer wasn't whitelisted.
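The scheme described in the answer above (SameSite=Lax cookies plus a server-side referrer allowlist), sketched as an added example that is not part of the original answer. The hostnames, the cookie name and the /login path are assumptions, and the use of the Sec-Fetch-Site request header to let typed URLs and bookmarks through goes beyond what the answer describes.

```javascript
// Added example. Hostnames, cookie name and /login path are assumptions.
const OWN_HOST = "app.example";
const ALLOWED_REFERRER_HOSTS = new Set(["partner.example", "sso.partner.example"]);
const SESSION_COOKIE = "session"; // issued with SameSite=Lax; Secure; HttpOnly

// Parse the Referer and return its lowercased hostname, or null if unusable.
function referrerHost(referer) {
  if (!referer) return null;
  try {
    const url = new URL(referer);
    return url.protocol === "https:" ? url.hostname.toLowerCase() : null;
  } catch {
    return null; // malformed header
  }
}

function hasSessionCookie(cookieHeader) {
  return (cookieHeader || "")
    .split(";")
    .some((pair) => pair.trim().split("=")[0] === SESSION_COOKIE);
}

// Decide what to do with one incoming request (lowercased header names).
function evaluateRequest(headers) {
  const proceed = { action: "continue", setCookie: [] };
  if (!hasSessionCookie(headers["cookie"])) return proceed;

  const fetchSite = headers["sec-fetch-site"];
  // "none" = typed URL or bookmark; same-origin/same-site = our own pages.
  if (["none", "same-origin", "same-site"].includes(fetchSite)) return proceed;

  const host = referrerHost(headers["referer"]);
  // Exact host match only: a substring or prefix test would also accept
  // look-alike hosts such as "partner.example.other.test".
  if (host !== null && ALLOWED_REFERRER_HOSTS.has(host)) return proceed;
  // Browsers that do not send Sec-Fetch-Site: accept our own pages by Referer.
  if (fetchSite === undefined && host === OWN_HOST) return proceed;

  // Cross-site or unknown source (including a stripped Referer): fail closed,
  // expire the session cookie and send the user to the login page.
  return {
    action: "redirect",
    location: "/login",
    setCookie: [`${SESSION_COOKIE}=; Path=/; Max-Age=0; Secure; HttpOnly; SameSite=Lax`],
  };
}
```

Because the Referer header can be suppressed by the linking page's referrer policy, an allowlisted partner that strips it will be treated as not allowlisted here.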