Matthias Walliczek created DELTASPIKE-1413:
----------------------------------------------

             Summary: dsrwid cookie should not be set to sameSite "None"
                 Key: DELTASPIKE-1413
                 URL: https://issues.apache.org/jira/browse/DELTASPIKE-1413
             Project: DeltaSpike
          Issue Type: Bug
      Security Level: public (Regular issues)
            Reporter: Matthias Walliczek


Currently the dsrwid cookie set by the lazy window handler is set to 
secure=false and sameSite=None.

This combination will not be allowed by Firefox in the future. See 
https://developer.mozilla.org/de/docs/Web/HTTP/Headers/Set-Cookie/SameSite

Instead, sameSite should be set to "lax", which is the default in modern browsers.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
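
The attribute combination reported above can be checked mechanically on any `Set-Cookie` value. The following is an added example, not part of the original report and not DeltaSpike code; the function names and the sample cookie values are constructed for illustration.

```javascript
// Added example (not DeltaSpike code): audit a Set-Cookie value for the
// SameSite/Secure combination described in the report.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = {
    name: eq === -1 ? "" : pair.slice(0, eq),
    value: eq === -1 ? pair : pair.slice(eq + 1),
    attrs: {},
  };
  for (const part of rest) {
    if (!part) continue;
    const i = part.indexOf("=");
    // Attribute names are case-insensitive; flags such as Secure carry no value.
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    cookie.attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return cookie;
}

function auditSameSite(header) {
  const { name, attrs } = parseSetCookie(header);
  const secure = "secure" in attrs;
  const raw = typeof attrs.samesite === "string" ? attrs.samesite.toLowerCase() : null;
  const known = ["strict", "lax", "none"].includes(raw);
  if (raw === "none" && !secure) {
    // The combination from the report: SameSite=None without Secure.
    return { name, verdict: "rejected", fix: "use SameSite=Lax, or add Secure and serve over HTTPS" };
  }
  // A missing or unrecognised SameSite value falls back to the browser
  // default, which is Lax in modern browsers.
  return { name, verdict: "accepted", effective: known ? raw : "lax" };
}

// Constructed sample headers; the cookie value is a placeholder.
const samples = [
  "dsrwid=w1; Path=/; SameSite=None",
  "dsrwid=w1; Path=/; SameSite=Lax",
  "dsrwid=w1; Path=/; SameSite=None; Secure",
];
for (const h of samples) console.log(h, "->", JSON.stringify(auditSameSite(h)));
```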
