This should be a good starting point

Cookie Interface and Impl
https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io/undertow/server/handlers/Cookie.java
https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io/undertow/server/handlers/CookieImpl.java

CookieUtil
https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io/undertow/util/Cookies.java

Setting a response cookie
https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io/undertow/server/HttpServerExchange.java#L1120

This was just a quick glance. I'm not sure exactly where the header is set but this should be a good start.

Bill

On Thu, Mar 2, 2017 at 2:15 PM, Sven Kubiak <sven@kubiak.me> wrote:

I have looked at the current Cookie Implementation in Undetow, and it seems like there is no support for the Same-Site Cookie Attribute.

 

See: https://scotthelme.co.uk/csrf-is-dead/

 

I’ll be happy to create a pull request, if someone could point me to the right classes (and test cases) where the response headers for the cookies are being set.

 

Best regards,

Sven


_______________________________________________
undertow-dev mailing list
undertow-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/undertow-dev