Chrome announced plans that it is changing [1] its default policy regarding the 
SameSite cookie
attribute. Currently it is treated as "SameSite=None", the default will become 
"SameSite=Lax".  This
means that for applications that are dependant on cross site posts, the 
SameSite=none attribute has
to be explicitly set.

For the cookies emitted by Haproxy itself, the SameSite attribute cannot be set 
it seems. The
documentation on rsprep and repsirep states that the header manipulation only 
works for traffic
passsing through Haproxy, not for headers set by Haproxy itself.

Is there another way to set that attribute on cookies emitted by Haproxy?

Thanks in advance,

Bart Geesink

[1] https://blog.chromium.org/2019/05/improving-privacy-and-security-on-web.html

Reply via email to