reiern70 commented on code in PR #566:
URL: https://github.com/apache/wicket/pull/566#discussion_r1155624709
##########
wicket-extensions/src/main/java/org/apache/wicket/extensions/ajax/wicket-ajaxdownload.js:
##########
@@ -28,7 +28,7 @@
Wicket.AjaxDownload = {
initiate : function(settings) {
document.cookie = settings.name +
- '=;path=/;Max-Age=0;expires=Thu, 01 Jan 1970
00:00:01 GMT';
+ '=;path=/;Max-Age=0;expires=Thu, 01 Jan 1970
00:00:01 GMT; SameSite=None; Secure';
Review Comment:
> I'm not sure regarding this change
>
> One of use-cases of our application is "Run inside `iframe`" This mode
requires modification of `webapps/_ctx_/META-INF/context.xml` And setting
>
> `<CookieProcessor sameSiteCookies="None" />` (Lax by default)
>
> So _maybe_ Servlet container can handle this?
I don't think so becase this is used by server side cookie processor like in
code bellow
to add the SameSite thing to server side generated cookies. Maybe the we
should make this configurable by passing some paramter to the JavaScript layer?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
