[jira] [Commented] (WICKET-7037) [Ajax Download] cookie used to track download complete misses the SameSite attribute

Mon, 03 Apr 2023 02:04:07 -0700 


    [ 
https://issues.apache.org/jira/browse/WICKET-7037?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17707844#comment-17707844
 ] 

ASF GitHub Bot commented on WICKET-7037:
----------------------------------------

reiern70 commented on PR #566:
URL: https://github.com/apache/wicket/pull/566#issuecomment-1493946725

   > 
   
   I have no idea... Af far as I udnerestand from code this is only used in 
order to trigger donwload finished event.  Correct? We are not using that event 
in our application but we get that warning form client side when cookie is 
"deleted" by seeting a date in the past. Thus even if it is not inpacting us we 
would preffer this not to apear in borwser "logs".
   
   Another thing that I'm wondering and I will try to investigate is if we do 
not have a "memory leak" with this cookie after server side is notified 
donwload finished.
   
   We are using a lot AjaxDownload in our app as "normal" download causes web 
socket disconnections on FF




> [Ajax Download] cookie used to track download complete misses the SameSite 
> attribute
> ------------------------------------------------------------------------------------
>
>                 Key: WICKET-7037
>                 URL: https://issues.apache.org/jira/browse/WICKET-7037
>             Project: Wicket
>          Issue Type: Bug
>            Reporter: Ernesto Reinaldo Barreiro
>            Assignee: Ernesto Reinaldo Barreiro
>            Priority: Major
>         Attachments: image-2023-04-02-11-58-25-399.png
>
>
> Firefox produces the following warining when using AjaxDownload
> Cookie “wicket-ajaxdownload-id63-0” does not have a proper “SameSite” 
> attribute value. Soon, cookies without the “SameSite” attribute or with an 
> invalid value will be treated as “Lax”. This means that the cookie will no 
> longer be sent in third-party contexts. If your application depends on this 
> cookie being available in such contexts, please add the “SameSite=None“ 
> attribute to it. To know more about the “SameSite“ attribute, read 
> [https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite]
>  
> from 
>  
> !image-2023-04-02-11-58-25-399.png!



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to