[keycloak-user] SameSite and Secure

Matthew Broadhead matthew.broadhead at nbmlaw.co.uk
Sat Oct 5 07:28:35 EDT 2019


keycloak-7.0.0

sorry if this has been asked before, i did search around.

just yesterday i started getting this message in javascript console:

A cookie associated with a cross-site resource at 
https://secure.domain.tld/ was set without the `SameSite` attribute. A 
future release of Chrome will only deliver cookies with cross-site 
requests if they are set with `SameSite=None` and `Secure`. You can 
review cookies in developer tools under Application>Storage>Cookies and 
see more details at 
https://www.chromestatus.com/feature/5088147346030592 and 
https://www.chromestatus.com/feature/5633521622188032.

is this because i am not passing certain headers through httpd proxy or 
is this something that needs implementing in keycloak?


More information about the keycloak-user mailing list