[jira] [Resolved] (SHIRO-793) deleteMe cookie should use the defined "sameSite"

Brian Demers (Jira) Sat, 17 Oct 2020 07:59:27 -0700


     [ 
https://issues.apache.org/jira/browse/SHIRO-793?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Brian Demers resolved SHIRO-793.
--------------------------------
    Resolution: Resolved

> deleteMe cookie should use the defined "sameSite"
> -------------------------------------------------
>
>                 Key: SHIRO-793
>                 URL: https://issues.apache.org/jira/browse/SHIRO-793
>             Project: Shiro
>          Issue Type: Task
>            Reporter: Brian Demers
>            Priority: Major
>             Fix For: 2.0.0, 1.7.0
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> With Chrome increasing security of cookies not defining any SameSite options, 
> the deleteMe cookie may be blocked by Chrome under some circumstances.
> For example, when an app is used within a cross-site iframe, one must defined 
> the option SameSite=None option. This works for the main cookie, but the 
> deleteMe is currently blocked. This commit fixes this.
>  
> https://github.com/apache/shiro/pull/257



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Resolved] (SHIRO-793) deleteMe cookie should use the defined "sameSite"

Reply via email to