[ https://issues.apache.org/jira/browse/KNOX-2824?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17616598#comment-17616598 ]

Larry McCay commented on KNOX-2824:
-----------------------------------

[~smore] mentioned on the PR that this is an incompatible change since I 
changed the default to Strict rather than the previous of None.
While this does change the default value, it does so to be more secure.

Anyone that is depending on an insecure default should find this out and either 
remove that dependency or explicitly change the config to be less secure with 
'Lax' to meet their needs.

More than likely, SSO requests are going to the Knox gateway directly these 
days which will work with 'Strict'. 


> Make SameSite attribute on KnoxSSO Cookie Configurable
> ------------------------------------------------------
>
>                 Key: KNOX-2824
>                 URL: https://issues.apache.org/jira/browse/KNOX-2824
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: KnoxSSO
>            Reporter: Larry McCay
>            Assignee: Larry McCay
>            Priority: Major
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> The attribute for KnoxSSO cookie is currently hardcoded.
> This improvement will make its value configurable to better accommodate 
> various deployment scenarios.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
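
The three SameSite values discussed in the comment above, as an added example that is not part of the original message or of the Knox code base: a simplified model of when a browser attaches a cookie to a request. The hostnames and scenario names are constructed, and "site" is approximated as scheme plus the last two host labels (real browsers use the Public Suffix List).

```javascript
// Added example: simplified model of a browser's SameSite cookie decision.
// Assumption: "site" = scheme + last two host labels (browsers use the PSL).
function siteOf(url) {
  const u = new URL(url);
  return u.protocol + '//' + u.hostname.split('.').slice(-2).join('.');
}

const SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS', 'TRACE'];

// request: { initiator, target, method, topLevelNavigation }
function cookieIsSent(sameSite, request) {
  const sameSiteRequest = siteOf(request.initiator) === siteOf(request.target);
  switch (sameSite) {
    case 'None':   // sent on every request (browsers also require Secure)
      return true;
    case 'Lax':    // same-site, plus cross-site top-level safe navigations
      return sameSiteRequest ||
        (request.topLevelNavigation && SAFE_METHODS.includes(request.method));
    case 'Strict': // same-site requests only
      return sameSiteRequest;
    default:
      throw new Error('unknown SameSite value: ' + sameSite);
  }
}

// Constructed scenarios; the gateway host is a placeholder.
const GATEWAY = 'https://gateway.example.com/app';
const scenarios = {
  sameSiteApp:   { initiator: 'https://ui.example.com/',     target: GATEWAY, method: 'GET',  topLevelNavigation: false },
  crossSiteLink: { initiator: 'https://portal.example.org/', target: GATEWAY, method: 'GET',  topLevelNavigation: true },
  crossSiteXhr:  { initiator: 'https://portal.example.org/', target: GATEWAY, method: 'GET',  topLevelNavigation: false },
  crossSitePost: { initiator: 'https://portal.example.org/', target: GATEWAY, method: 'POST', topLevelNavigation: true },
};

// Returns { None: {...}, Lax: {...}, Strict: {...} } with one boolean per scenario.
function matrix() {
  const out = {};
  for (const policy of ['None', 'Lax', 'Strict']) {
    out[policy] = {};
    for (const [name, req] of Object.entries(scenarios)) {
      out[policy][name] = cookieIsSent(policy, req);
    }
  }
  return out;
}

console.table(matrix());
```

A deployment that relies on any of the cross-site rows is the kind that would notice the default moving from None to Strict.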
