Identity Manager Community

Forum Domain for the CSRF protection cookie

Domain for the CSRF protection cookie

chetan paliwal 9 months ago

Hi All,

We want to pass the multple domain in Domain for the CSRF protection cookie values.

We have tried by comma separated but it creates issue with XSRF token. can you please tell if we use comma or semicolon.

is it multi-valued? how to pass different domains.

Parents

0 Hanno Bunjes 9 months ago

Hello,

This is not possible, please see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#domaindomain-value for the specification of what a cookie domain can be.

Supporting multiple domains is only possible if all are subdomains of a higher order domain.

Hope this helps,
Hanno
Cancel
Up 0 Down

Reply

Verify Answer

Cancel

Reply

0 Hanno Bunjes 9 months ago

Hello,

This is not possible, please see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#domaindomain-value for the specification of what a cookie domain can be.

Supporting multiple domains is only possible if all are subdomains of a higher order domain.

Hope this helps,
Hanno
Cancel
Up 0 Down

Reply

Verify Answer

Cancel

Children

No Data