[keycloak-user] SameSite and Secure
Matthew Broadhead
matthew.broadhead at nbmlaw.co.uk
Mon Oct 7 10:41:44 EDT 2019
Hi Bruno,
i see the warnings in exactly the same version of chrome as you Version
77.0.3865.90 (Official Build) (64-bit) in fedora
the same warning is showing in the console for a JSF application and
vue.js application and says the cookie originates from the domain where
my keycloak installation is located.
i will continue to check if it is a problem with my httpd proxy i just
thought you should know about this message
On 07/10/2019 11:31, Bruno Oliveira wrote:
> Hi Matthew, even though I agree that this is something we should
> consider to Keycloak, I don't see the warnings you mentioned in the
> latest release using Chrome 77.0.3865.90 (Official Build) (64-bit).
>
> Could you please provide the steps to reproduce the issue?
>
> On Sat, Oct 5, 2019 at 8:28 AM Matthew Broadhead
> <matthew.broadhead at nbmlaw.co.uk> wrote:
>> keycloak-7.0.0
>>
>> sorry if this has been asked before, i did search around.
>>
>> just yesterday i started getting this message in javascript console:
>>
>> A cookie associated with a cross-site resource at
>> https://secure.domain.tld/ was set without the `SameSite` attribute. A
>> future release of Chrome will only deliver cookies with cross-site
>> requests if they are set with `SameSite=None` and `Secure`. You can
>> review cookies in developer tools under Application>Storage>Cookies and
>> see more details at
>> https://www.chromestatus.com/feature/5088147346030592 and
>> https://www.chromestatus.com/feature/5633521622188032.
>>
>> is this because i am not passing certain headers through httpd proxy or
>> is this something that needs implementing in keycloak?
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
More information about the keycloak-user
mailing list