[jboss-jira] [JBoss JIRA] (WFLY-13003) Support the SameSite cookie attribute

Stuart Douglas (Jira) issues at jboss.org
Tue Jan 21 18:18:17 EST 2020


Stuart Douglas created WFLY-13003:
-------------------------------------

             Summary: Support the SameSite cookie attribute
                 Key: WFLY-13003
                 URL: https://issues.redhat.com/browse/WFLY-13003
             Project: WildFly
          Issue Type: Feature Request
          Components: Web (Undertow)
            Reporter: Stuart Douglas
            Assignee: Flavia Rainone


Chrome 80 is going to significantly change how cookies are handled, as per this notice at [1], with a bit of an explanation of what the same site attribute means at [2].

At the moment the Servlet specification has no way of setting this particular attribute, and it is not possible to configure it via container-specific configuration in WildFly at present (it can only be done by writing some Undertow-specific code).

I propose we add a same-site-cookie-attribute predicated handler to Undertow, which takes an optional cookie name regex, and the value for the attribute to set.

This would allow users to configure the SameSite attribute based on cookie name, and also potentially based on any other attributes including user agent, as it sounds like some browsers may have bugs that mean this might need to be set on a per user agent basis.

[1] https://www.chromestatus.com/feature/5088147346030592
[2] https://web.dev/samesite-cookies-explained/



--
This message was sent by Atlassian Jira
(v7.13.8#713008)
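
An added illustration, not part of the original message and not Undertow's or WildFly's code: plain Java showing the header rewrite such a handler would perform, with an optional cookie name regex, the attribute value, and a per user agent predicate. The class name, the regex, the sample cookies and the "LegacyClient" agent string are all assumptions made up for the example.

```java
import java.util.*;
import java.util.function.Predicate;
import java.util.regex.Pattern;
public class SameSiteRewriter {
    private final Pattern namePattern;       // null means "every cookie"
    private final String mode;               // Strict, Lax or None
    private final Predicate<String> applies; // decides per User-Agent

    SameSiteRewriter(String nameRegex, String mode, Predicate<String> applies) {
        if (!Set.of("Strict", "Lax", "None").contains(mode))
            throw new IllegalArgumentException("SameSite must be Strict, Lax or None");
        this.namePattern = nameRegex == null ? null : Pattern.compile(nameRegex);
        this.mode = mode;
        this.applies = applies;
    }

    /** Returns the Set-Cookie value with SameSite applied, or unchanged if it does not match. */
    String rewrite(String setCookie, String userAgent) {
        int eq = setCookie.indexOf('=');
        if (eq <= 0 || !applies.test(userAgent)) return setCookie;
        String name = setCookie.substring(0, eq).trim();
        if (namePattern != null && !namePattern.matcher(name).matches()) return setCookie;
        List<String> parts = new ArrayList<>();
        boolean secure = false;
        for (String raw : setCookie.split(";")) {
            String p = raw.trim();
            if (p.isEmpty()) continue;
            String lower = p.toLowerCase(Locale.ROOT);
            boolean isAttr = !parts.isEmpty();   // first segment is name=value
            if (isAttr && (lower.equals("samesite") || lower.startsWith("samesite="))) continue;
            if (isAttr && lower.equals("secure")) secure = true;
            parts.add(p);
        }
        parts.add("SameSite=" + mode);
        // Browsers enforcing the new rules reject SameSite=None unless Secure is also set.
        if (mode.equals("None") && !secure) parts.add("Secure");
        return String.join("; ", parts);
    }
    public static void main(String[] args) {
        // Constructed inputs: cookie values, regex and the "LegacyClient" agent are made up.
        SameSiteRewriter r = new SameSiteRewriter("JSESSIONID|sso-.*", "None",
                ua -> ua == null || !ua.contains("LegacyClient/"));
        String modern = "Mozilla/5.0 Chrome/80.0";
        System.out.println(r.rewrite("JSESSIONID=abc123; Path=/app; HttpOnly", modern));
        System.out.println(r.rewrite("theme=dark; Path=/", modern));
        System.out.println(r.rewrite("sso-token=xyz; Secure; SameSite=Lax", modern));
        System.out.println(r.rewrite("JSESSIONID=abc123; Path=/app", "LegacyClient/1.0"));
    }
}
```

An existing SameSite attribute is replaced rather than duplicated, and cookies that do not match the regex or the user agent predicate pass through untouched.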


