[
https://issues.redhat.com/browse/WFLY-13003?page=com.atlassian.jira.plugi...
]
Masafumi Miura commented on WFLY-13003:
---------------------------------------
I've already raised UNDERTOW-1600 which is related to this feature.
I've just updated a PR for UNDERTOW-1600
https://github.com/undertow-io/undertow/pull/816 which contains the following changes:
- Add support for the SameSite=None attribute
- Add SameSiteCookieHandler that can set the SameSite attribute on all cookies
- Add a utility class SameSiteNoneIncompatibleClientChecker to detect user agents which
are incompatible with the SameSite=None attribute
Support the SameSite cookie attribute
-------------------------------------
Key: WFLY-13003
URL:
https://issues.redhat.com/browse/WFLY-13003
Project: WildFly
Issue Type: Feature Request
Components: Web (Undertow)
Reporter: Stuart Douglas
Assignee: Flavia Rainone
Priority: Major
Chrome 80 is going to significantly change how cookies are handled, as per this noticeĀ at
[1], with a bit of an explanation of what the same site attribute means at [2].
At the moment the Servlet specification has no way of setting this particular attribute,
and it is not possible to configureĀ it via container specific configuration in WildFly at
present (it can only be done by writing some Undertow specific code).
I propose we add a same-site-cookie-attribute predicated handler to undertow, which takes
an optional cookie name regex, and the value for the attribute to set.
This would allow users to configure the SameSite attribute based on cookie name, and also
potentially based on any other attributes including user agent, as it sounds like some
browsers may have bugs that means this might need to be set on a per user agent basis.
[1]
https://www.chromestatus.com/feature/5088147346030592
[2]
https://web.dev/samesite-cookies-explained/
--
This message was sent by Atlassian Jira
(v7.13.8#713008)