Hello everyone! Late last week I was working on how to make cookies more secure in OpenMRS, and I have been able to send a pull request.
I was advised to set the SameSite attribute to strict because it will protect OpenMRS against CSRF attacks via GET
requests. Such attacks are not normally possible since they rely on the server implementing GET
endpoints with side effects (incorrectly and in violation of the semantics specified by RFC 7231).
The pull request attached as a link above shows the different alternatives I have tried. I request assistance.
Thanks
cc @dkayiwa @isears @sharif @mozzy @herbert24 @ibacher and anyone else
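
As an added example (not code from the pull request or from OpenMRS), this is the header rewriting a servlet filter or response wrapper could apply so that every `Set-Cookie` value carries exactly one `SameSite=Strict` attribute. The class name, method name and sample headers are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;

// Added example, not OpenMRS code. Class and method names are hypothetical.
public class SameSiteCookieHeader {

    // Returns the Set-Cookie header value with exactly one SameSite=Strict attribute.
    static String enforceStrict(String setCookieValue) {
        String[] parts = setCookieValue.split(";");
        List<String> kept = new ArrayList<>();
        kept.add(parts[0].trim()); // the name=value pair always comes first
        for (int i = 1; i < parts.length; i++) {
            String attr = parts[i].trim();
            if (attr.isEmpty()) {
                continue; // tolerate a trailing or doubled ';'
            }
            // Attribute names are case-insensitive, so "samesite=None" must
            // be caught too. Any existing SameSite attribute is dropped so a
            // weaker value (Lax, None) cannot survive next to the new one.
            String name = attr.split("=", 2)[0].trim();
            if (name.equalsIgnoreCase("SameSite")) {
                continue;
            }
            kept.add(attr);
        }
        kept.add("SameSite=Strict");
        return String.join("; ", kept);
    }

    public static void main(String[] args) {
        // Constructed sample headers, not captured from an OpenMRS server.
        String[] samples = {
            "JSESSIONID=abc123; Path=/openmrs; HttpOnly",
            "JSESSIONID=abc123; Path=/openmrs; samesite=None; Secure",
            "JSESSIONID=abc123"
        };
        for (String s : samples) {
            System.out.println(enforceStrict(s));
        }
    }
}
```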