[
https://issues.apache.org/jira/browse/OFBIZ-13284?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18013724#comment-18013724
]
Jacques Le Roux commented on OFBIZ-13284:
-----------------------------------------
Thanks [~sandeeprajput20],
This makes sense to me (I did not test anything). I believe we should rather
backport for security reason. So I'll amend the Jira a bit.
> Set default security headers in writeJSONtoResponse and ensure SameSite
> cookie is returned
> ------------------------------------------------------------------------------------------
>
> Key: OFBIZ-13284
> URL: https://issues.apache.org/jira/browse/OFBIZ-13284
> Project: OFBiz
> Issue Type: Improvement
> Components: framework/common
> Reporter: Sandeep Rajput
> Priority: Major
> Fix For: Upcoming Branch
>
>
> Currently, the writeJSONtoResponse method correctly sends the JSON response,
> but it does not include the SameSite attribute in the default security
> headers. As a result, the SameSite cookie is not returned in the browser
> response.
> *Expected Behavior:*
> # writeJSONtoResponse should set default security headers for the response.
> # SameSite attribute should be correctly applied to all cookies sent in the
> response.
> # The browser should receive and respect the SameSite cookie.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
