<div dir="ltr">This should be a good starting point<div><br></div><div>Cookie Interface and Impl</div><div><a href="https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io/undertow/server/handlers/Cookie.java">https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io/undertow/server/handlers/Cookie.java</a><br></div><div><a href="https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io/undertow/server/handlers/CookieImpl.java">https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io/undertow/server/handlers/CookieImpl.java</a><br></div><div><br></div><div>CookieUtil</div><div><a href="https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io/undertow/util/Cookies.java">https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io/undertow/util/Cookies.java</a><br></div><div><br></div><div>Setting a response cookie</div><div><a href="https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io/undertow/server/HttpServerExchange.java#L1120">https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io/undertow/server/HttpServerExchange.java#L1120</a><br></div><div><br></div><div>This was just a quick glance. I'm not sure exactly where the header is set but this should be a good start.</div><div><br></div><div>Bill</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Mar 2, 2017 at 2:15 PM, Sven Kubiak <span dir="ltr"><<a href="mailto:sven@kubiak.me" target="_blank">sven@kubiak.me</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="DE" link="#0563C1" vlink="#954F72">
<div class="m_-6087893476152003955WordSection1">
<p class="MsoNormal"><span lang="EN-US">I have looked at the current Cookie Implementation in Undetow, and it seems like there is no support for the Same-Site Cookie Attribute.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">See: <a href="https://scotthelme.co.uk/csrf-is-dead/" target="_blank">
https://scotthelme.co.uk/csrf-<wbr>is-dead/</a><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">I’ll be happy to create a pull request, if someone could point me to the right classes (and test cases) where the response headers for the cookies are being set.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal">Best regards,<u></u><u></u></p>
<p class="MsoNormal">Sven<u></u><u></u></p>
</div>
</div>
<br>______________________________<wbr>_________________<br>
undertow-dev mailing list<br>
<a href="mailto:undertow-dev@lists.jboss.org">undertow-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/undertow-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/<wbr>mailman/listinfo/undertow-dev</a><br></blockquote></div><br></div>