[ 
https://issues.apache.org/jira/browse/KNOX-2824?focusedWorklogId=816295&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-816295
 ]

ASF GitHub Bot logged work on KNOX-2824:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 12/Oct/22 17:04
            Start Date: 12/Oct/22 17:04
    Worklog Time Spent: 10m 
      Work Description: lmccay commented on PR #647:
URL: https://github.com/apache/knox/pull/647#issuecomment-1276482671

   > This introduces a breaking change, changing to `strict` from `none`. It 
would be difficult to figure out what went wrong given the errors are thrown on 
the UI so debugging this would be challenging. Perhaps changing it to `Lax` 
would be a compromise?
   
   This will actually only break deployments that are relying on an insecure 
setting. Making this Strict by default is the same as the change that added 
Secure=true many years ago. In modern deployments, the SSO cookie is only being 
presented to Knox itself and therefore to the same domain. This should not 
break deployments that are configured properly to do this. Now, we could 
consider this a 2.0 release change and change the default for a new 1.6.x 
release. 2.0 is a major release and can carry incompatible changes.




Issue Time Tracking
-------------------

    Worklog Id:     (was: 816295)
    Time Spent: 0.5h  (was: 20m)

> Make SameSite attribute on KnoxSSO Cookie Configurable
> ------------------------------------------------------
>
>                 Key: KNOX-2824
>                 URL: https://issues.apache.org/jira/browse/KNOX-2824
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: KnoxSSO
>            Reporter: Larry McCay
>            Assignee: Larry McCay
>            Priority: Major
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> The attribute for KnoxSSO cookie is currently hardcoded.
> This improvement will make its value configurable to better accommodate 
> various deployment scenarios.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
