I have looked at the current Cookie Implementation in Undetow, and it seems like there is no support for the Same-Site Cookie Attribute.

 

See: https://scotthelme.co.uk/csrf-is-dead/

 

I’ll be happy to create a pull request, if someone could point me to the right classes (and test cases) where the response headers for the cookies are being set.

 

Best regards,

Sven