[jira] [Resolved] (DELTASPIKE-1413) dsrwid cookie should not be set to sameSite="None"

Mark Struberg (Jira) Fri, 05 Mar 2021 13:38:05 -0800


     [ 
https://issues.apache.org/jira/browse/DELTASPIKE-1413?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Mark Struberg resolved DELTASPIKE-1413.
---------------------------------------
    Fix Version/s: 1.9.5
       Resolution: Fixed

txs for the report!

> dsrwid cookie should not be set to sameSite="None"
> --------------------------------------------------
>
>                 Key: DELTASPIKE-1413
>                 URL: https://issues.apache.org/jira/browse/DELTASPIKE-1413
>             Project: DeltaSpike
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>            Reporter: Matthias Walliczek
>            Assignee: Mark Struberg
>            Priority: Critical
>             Fix For: 1.9.5
>
>
> Currently the dsrwid cookie set by the lazy window handler is set to 
> secure=false and sameSite=None.
> This combination will not be allowed by Firefox in the future. See 
> [https://developer.mozilla.org/de/docs/Web/HTTP/Headers/Set-Cookie/SameSite.|https://developer.mozilla.org/de/docs/Web/HTTP/Headers/Set-Cookie/SameSite]
> Instead sameSite should be set to "lax", which is default in modern browsers.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Resolved] (DELTASPIKE-1413) dsrwid cookie should not be set to sameSite="None"

Reply via email to