[jira] [Updated] (DELTASPIKE-1435) dsrwid cookie should not be set to sameSite="None" - again

2023-03-31 Thread Thomas Andraschko (Jira)


[ https://issues.apache.org/jira/browse/DELTASPIKE-1435?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Thomas Andraschko updated DELTASPIKE-1435:
--
Fix Version/s: 2.0

> dsrwid cookie should not be set to sameSite="None" - again
> --
>
> Key: DELTASPIKE-1435
> URL: https://issues.apache.org/jira/browse/DELTASPIKE-1435
> Project: DeltaSpike
> Issue Type: Bug
> Security Level: public (Regular issues)
> Affects Versions: 1.9.5
> Reporter: Juri Berlanda
> Priority: Major
> Fix For: 2.0
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> Very similar to DELTASPIKE-1413, this refers to the missing {{SameSite}} 
> attribute in {{windowhandler.js}} 
> (https://github.com/apache/deltaspike/blob/deltaspike-1.9.5/deltaspike/modules/jsf/impl/src/main/resources/META-INF/resources/deltaspike/windowhandler.js#L619)
> This means that the following warning still appears in Firefox (tested on
> 90.0.2):
> {quote}Cookie “dsrwid-326” will be soon rejected because it has the 
> “SameSite” attribute set to “None” or an invalid value, without the “secure” 
> attribute. To know more about the “SameSite“ attribute, read 
> https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite 
> windowhandler.js.xhtml:17:364{quote}
> Now, I'd propose to set the cookie to {{SameSite=Strict}} here, too. PR is in 
> the works.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)


[jira] [Updated] (DELTASPIKE-1435) dsrwid cookie should not be set to sameSite="None" - again

2021-08-13 Thread Juri Berlanda (Jira)


[ https://issues.apache.org/jira/browse/DELTASPIKE-1435?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Juri Berlanda updated DELTASPIKE-1435:
--
Description: 
Very similar to DELTASPIKE-1413, this refers to the missing {{SameSite}} 
attribute in {{windowhandler.js}} 
(https://github.com/apache/deltaspike/blob/deltaspike-1.9.5/deltaspike/modules/jsf/impl/src/main/resources/META-INF/resources/deltaspike/windowhandler.js#L619)

This means that the following warning still appears in Firefox (tested on
90.0.2):

{quote}Cookie “dsrwid-326” will be soon rejected because it has the “SameSite” 
attribute set to “None” or an invalid value, without the “secure” attribute. To 
know more about the “SameSite“ attribute, read 
https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite 

windowhandler.js.xhtml:17:364{quote}

Now, I'd propose to set the cookie to {{SameSite=Strict}} here, too. PR is in 
the works.

  was:
Very similar to DELTASPIKE-1413, this refers to the missing {{SameSite}} 
attribute in {{ windowhandler.js}} 
(https://github.com/apache/deltaspike/blob/deltaspike-1.9.5/deltaspike/modules/jsf/impl/src/main/resources/META-INF/resources/deltaspike/windowhandler.js#L619)

This means that the following warning still appears in Firefox (tested on
90.0.2):

{quote}Cookie “dsrwid-326” will be soon rejected because it has the “SameSite” 
attribute set to “None” or an invalid value, without the “secure” attribute. To 
know more about the “SameSite“ attribute, read 
https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite 

windowhandler.js.xhtml:17:364{quote}

Now, I'd propose to set the cookie to {{SameSite=Strict}} here, too. PR is in 
the works.


> dsrwid cookie should not be set to sameSite="None" - again
> --
>
> Key: DELTASPIKE-1435
> URL: https://issues.apache.org/jira/browse/DELTASPIKE-1435
> Project: DeltaSpike
> Issue Type: Bug
> Security Level: public (Regular issues)
> Affects Versions: 1.9.5
> Reporter: Juri Berlanda
> Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Very similar to DELTASPIKE-1413, this refers to the missing {{SameSite}} 
> attribute in {{windowhandler.js}} 
> (https://github.com/apache/deltaspike/blob/deltaspike-1.9.5/deltaspike/modules/jsf/impl/src/main/resources/META-INF/resources/deltaspike/windowhandler.js#L619)
> This means that the following warning still appears in Firefox (tested on
> 90.0.2):
> {quote}Cookie “dsrwid-326” will be soon rejected because it has the 
> “SameSite” attribute set to “None” or an invalid value, without the “secure” 
> attribute. To know more about the “SameSite“ attribute, read 
> https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite 
> windowhandler.js.xhtml:17:364{quote}
> Now, I'd propose to set the cookie to {{SameSite=Strict}} here, too. PR is in 
> the works.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
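
Added example, not part of the Jira thread and not DeltaSpike's code: a small audit of cookie strings as a script would assign them to document.cookie, reporting the conditions named in the Firefox warning quoted above, next to a builder that always writes an explicit SameSite value (Strict by default, as the issue proposes). The function names, the cookie value and the path/max-age attributes are assumptions; only the cookie name dsrwid-326 comes from the issue text.

```javascript
// Added example; function names are hypothetical, not DeltaSpike's API.
const VALID_SAMESITE = ['strict', 'lax', 'none'];

// Split a string as assigned to document.cookie into name and attributes.
function parseCookieString(str) {
  const [pair, ...attrs] = str.split(';').map((s) => s.trim()).filter(Boolean);
  const attributes = {};
  for (const attr of attrs) {
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    attributes[key] = i === -1 ? true : attr.slice(i + 1).trim();
  }
  return { name: pair.split('=')[0], attributes };
}

// Report the conditions named in the Firefox warning quoted in the issue.
function auditCookieString(str) {
  const { name, attributes } = parseCookieString(str);
  const sameSite = attributes.samesite === undefined
    ? undefined : String(attributes.samesite).toLowerCase();
  const secure = attributes.secure !== undefined;
  if (sameSite === undefined) return [`${name}: SameSite attribute missing`];
  if (!VALID_SAMESITE.includes(sameSite)) return [`${name}: invalid SameSite value`];
  if (sameSite === 'none' && !secure) return [`${name}: SameSite=None without Secure`];
  return [];
}

// Build a cookie string with an explicit SameSite value (Strict by default).
function buildCookie(name, value, { path = '/', maxAge, sameSite = 'Strict', secure = false } = {}) {
  if (!VALID_SAMESITE.includes(sameSite.toLowerCase())) {
    throw new Error(`invalid SameSite value: ${sameSite}`);
  }
  if (sameSite.toLowerCase() === 'none' && !secure) {
    throw new Error('SameSite=None requires Secure');
  }
  const parts = [`${name}=${encodeURIComponent(value)}`, `path=${path}`];
  if (maxAge !== undefined) parts.push(`max-age=${maxAge}`);
  parts.push(`SameSite=${sameSite}`);
  if (secure) parts.push('Secure');
  return parts.join('; ');
}

// Constructed sample values; only the cookie name comes from the issue text.
const before = 'dsrwid-326=constructed-window-id; path=/';
const after = buildCookie('dsrwid-326', 'constructed-window-id', { maxAge: 3 });
console.log(auditCookieString(before)); // one finding: SameSite attribute missing
console.log(auditCookieString(after));  // no findings
```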