]
Brian Stansberry updated WFLY-13003:
------------------------------------
Fix Version/s: 19.1.0.Final
20.0.0.Beta1
Support the SameSite cookie attribute
-------------------------------------
Key: WFLY-13003
URL:
https://issues.redhat.com/browse/WFLY-13003
Project: WildFly
Issue Type: Feature Request
Components: Web (Undertow)
Reporter: Stuart Douglas
Assignee: Flavia Rainone
Priority: Major
Fix For: 19.1.0.Final, 20.0.0.Beta1
Chrome 80 is going to significantly change how cookies are handled, as per this noticeĀ at
[1], with a bit of an explanation of what the same site attribute means at [2].
At the moment the Servlet specification has no way of setting this particular attribute,
and it is not possible to configureĀ it via container specific configuration in WildFly at
present (it can only be done by writing some Undertow specific code).
I propose we add a same-site-cookie-attribute predicated handler to undertow, which takes
an optional cookie name regex, and the value for the attribute to set.
This would allow users to configure the SameSite attribute based on cookie name, and also
potentially based on any other attributes including user agent, as it sounds like some
browsers may have bugs that means this might need to be set on a per user agent basis.
[1]
https://www.chromestatus.com/feature/5088147346030592
[2]
https://web.dev/samesite-cookies-explained/