Does setting cookies 'SameSite=none; Secure' and providing CSRF-TOKEN suffice to prevent CSRF in embeddable web application?

后端未结

关注

 0  1770

My web application (myApp further) is embedded in iframe of a single third-party webpage. MyApp sets cookie Set-Cookie: JSESSIONID=38FE580EE7D8CACA581532DD37A19182; Path=/


                      
              相关标签: