[ https://issues.apache.org/jira/browse/YARN-11661?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17826972#comment-17826972 ]
Susheel Gupta commented on YARN-11661: -------------------------------------- Closing this ticket as a workaround exist. {code:java} <property> <name>hadoop.http.header.Set-Cookie</name> <value>SameSite=None; Secure</value> </property>{code} Adding this property in yarn-site.xml will fix this issue. Also "Secure" needs to be added as Set-Cookie was blocked because it had the "SameSite=None" attribute but did not have the "Secure" attribute, which is required in order to use "SameSite=None". https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#:~:text=This%20Set%2DCookie%20was%20blocked%20because%20it%20had%20the%20%22SameSite%3DNone%22%20attribute%20but%20did%20not%20have%20the%20%22Secure%22%20attribute%2C%20which%20is%20required%20in%20order%20to%20use%20%22SameSite%3DNone%22. > Adding new property to configure the "SameSite" cookie attribute on YARN UI > ---------------------------------------------------------------------------- > > Key: YARN-11661 > URL: https://issues.apache.org/jira/browse/YARN-11661 > Project: Hadoop YARN > Issue Type: Improvement > Components: yarn > Reporter: Susheel Gupta > Assignee: Susheel Gupta > Priority: Major > > If we use 'SameSite=Strict,' the browser would only send the cookie for > same-site requests, rendering cross-site sessions ineffective. > However, it’s worth noting that while using SameSite=None with TLS does > enhance the security of your cookies compared to using it without TLS, it > doesn’t provide complete security. Nevertheless, considering the necessity > for cross-site sessions, utilizing SameSite=None along with TLS can provide a > reasonable level of security. -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org