[keycloak-user] SameSite and Secure

Bruno Oliveira bruno at abstractj.org
Mon Oct 7 05:31:28 EDT 2019


Hi Matthew, even though I agree that this is something we should
consider for Keycloak, I don't see the warnings you mentioned in the
latest release using Chrome 77.0.3865.90 (Official Build) (64-bit).

Could you please provide the steps to reproduce the issue?

On Sat, Oct 5, 2019 at 8:28 AM Matthew Broadhead
<matthew.broadhead at nbmlaw.co.uk> wrote:
>
> keycloak-7.0.0
>
> sorry if this has been asked before, i did search around.
>
> just yesterday i started getting this message in javascript console:
>
> A cookie associated with a cross-site resource at
> https://secure.domain.tld/ was set without the `SameSite` attribute. A
> future release of Chrome will only deliver cookies with cross-site
> requests if they are set with `SameSite=None` and `Secure`. You can
> review cookies in developer tools under Application>Storage>Cookies and
> see more details at
> https://www.chromestatus.com/feature/5088147346030592 and
> https://www.chromestatus.com/feature/5633521622188032.
>
> is this because i am not passing certain headers through httpd proxy or
> is this something that needs implementing in keycloak?



-- 
- abstractj
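
The rule in the console message quoted above can be checked against the `Set-Cookie` headers that actually leave the httpd proxy. The following is an added example, not part of the original messages or of Keycloak; the cookie names and header values are constructed, and treating an unrecognised `SameSite` value as missing is an assumption.

```javascript
// Classify Set-Cookie header values by the rule in the Chrome console message:
// cross-site delivery needs both SameSite=None and Secure.

// Parse one Set-Cookie value into { name, attrs }; attribute names are lowercased.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const eq = parts[0].indexOf('=');
  const name = eq === -1 ? parts[0] : parts[0].slice(0, eq);
  const attrs = {};
  for (const part of parts.slice(1)) {
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return { name, attrs };
}

function classifyCookie(header) {
  const { name, attrs } = parseSetCookie(header);
  const raw = typeof attrs.samesite === 'string' ? attrs.samesite.toLowerCase() : '';
  // Assumption: anything other than Strict/Lax/None counts as "not set".
  const sameSite = ['strict', 'lax', 'none'].includes(raw) ? raw : null;
  const secure = 'secure' in attrs;
  let verdict;
  if (sameSite === null) verdict = 'missing-samesite'; // case the warning reports
  else if (sameSite === 'none' && !secure) verdict = 'none-without-secure';
  else if (sameSite === 'none') verdict = 'cross-site-ok';
  else verdict = 'same-site-only'; // Lax or Strict
  return { name, verdict };
}

// Return only the cookies that need a change before the new behaviour ships.
function audit(headers) {
  const bad = new Set(['missing-samesite', 'none-without-secure']);
  return headers.map(classifyCookie).filter((c) => bad.has(c.verdict));
}

// Constructed sample headers, as they might appear in a proxied response.
const SAMPLE_HEADERS = [
  'EXAMPLE_SESSION=abc123==; Path=/; HttpOnly',
  'EXAMPLE_IDENTITY=def456; Path=/; samesite=none; secure; HttpOnly',
  'EXAMPLE_IFRAME=ghi789; Path=/; SameSite=None',
  'EXAMPLE_LOCALE=en; Path=/; SameSite=Lax',
];

console.log(audit(SAMPLE_HEADERS));
```

Running the same classification on headers captured directly from the application server and again from behind the proxy shows whether an attribute is lost in the proxy or was never set by the application.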

