> -----Original Message----- > From: Adam Warfield <awarf...@opentext.com.INVALID> > Sent: woensdag 15 november 2023 16:49 > To: Tomcat Users List <users@tomcat.apache.org> > Subject: Re: [EXTERNAL] - Re: Partitioned cookies > > That's strange. I was not aware the proposal had expired. I've been working > off of a few pages as it seemed Chrome/Edge were moving forward with > Firefox at least showing positive support without committing. > > https://developer.chrome.com/en/docs/privacy-sandbox/third-party-cookie-phase-out/ > (October 2023) > > https://github.com/mozilla/standards-positions/issues/678 (Firefox showing > positive support, last updated 2022) > > https://developer.mozilla.org/en-US/docs/Web/Privacy/Partitioned_cookies > > https://github.com/privacycg/CHIPS > > > Adam > > ________________________________________ > From: Chuck Caldarale <mailto:n82...@gmail.com> > Sent: Wednesday, November 15, 2023 9:48 AM > To: Tomcat Users List <mailto:users@tomcat.apache.org> > Subject: [EXTERNAL] - Re: Partitioned cookies > > CAUTION: This email originated from outside of the organization. Do not click > links or open attachments unless you recognize the sender and know the > content is safe. If you feel that the email is suspicious, please report it > using > PhishAlarm. > > >> On Nov 15, 2023, at 08:06, Adam Warfield >> <mailto:awarf...@opentext.com.INVALID> wrote: >> >> The Rfc6265CookieProcessor supports setting the SameSite cookie attribute >> but starting in 2024, browsers will begin enforcing the newer "Partitioned" >> attribute for third-party cookies. Is there a way to set this attribute >> within >> Tomcat for things like the JSESSIONID and XSRF-TOKEN cookies? This affects >> any webapps that are embedded within iframes across domains where those >> cookies will be rejected if not partitioned. > > > Looks like the CHIPS proposal: > > https://datatracker.ietf.org/doc/draft-cutler-httpbis-partitioned-cookies/ > > > expired this past May and no updated version has been submitted to IETF. Is > there some other active standards document describing cookie partitioning? > > - Chuck
Standard or not, Google/Chrome is moving on and will (as noted above) soon start to gradually reject third-party cookies without the Partitioned attribute. I'm kindly asking the experts: is Tomcat support for this feature being planned? If not, what can be done to modestly prioritize it? André --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org