Stuart Douglas created WFLY-13003: ------------------------------------- Summary: Support the SameSite cookie attribute Key: WFLY-13003 URL: https://issues.redhat.com/browse/WFLY-13003 Project: WildFly Issue Type: Feature Request Components: Web (Undertow) Reporter: Stuart Douglas Assignee: Flavia Rainone Chrome 80 is going to significantly change how cookies are handled, as per this notice at [1], with a bit of an explanation of what the same site attribute means at [2]. At the moment the Servlet specification has no way of setting this particular attribute, and it is not possible to configure it via container specific configuration in WildFly at present (it can only be done by writing some Undertow specific code). I propose we add a same-site-cookie-attribute predicated handler to undertow, which takes an optional cookie name regex, and the value for the attribute to set. This would allow users to configure the SameSite attribute based on cookie name, and also potentially based on any other attributes including user agent, as it sounds like some browsers may have bugs that means this might need to be set on a per user agent basis. [1] https://www.chromestatus.com/feature/5088147346030592 [2] https://web.dev/samesite-cookies-explained/ -- This message was sent by Atlassian Jira (v7.13.8#713008)