On 14/12/2023 21:15, André van der Lugt wrote:
From: Chuck Caldarale <mailto:n82...@gmail.com>
Sent: Wednesday, November 15, 2023 9:48 AM
To: Tomcat Users List <mailto:users@tomcat.apache.org>
Subject: [EXTERNAL] - Re: Partitioned cookies
On Nov 15, 2023, at 08:06, Adam Warfield
<mailto:awarf...@opentext.com.INVALID> wrote:
The Rfc6265CookieProcessor supports setting the SameSite cookie attribute
but starting in 2024, browsers will begin enforcing the newer "Partitioned"
attribute for third-party cookies. Is there a way to set this attribute within
Tomcat for things like the JSESSIONID and XSRF-TOKEN cookies? This affects
any webapps that are embedded within iframes across domains where those
cookies will be rejected if not partitioned.
Looks like the CHIPS proposal:
https://datatracker.ietf.org/doc/draft-cutler-httpbis-partitioned-cookies/
expired this past May and no updated version has been submitted to IETF. Is
there some other active standards document describing cookie partitioning?
- Chuck
Standard or not, Google/Chrome is moving on and will (as noted above) soon
start to gradually reject third-party cookies without the Partitioned attribute.
I'm kindly asking the experts: is Tomcat support for this feature being planned?
No.
If not, what can be done to modestly prioritize it?
Open an enhancement request in Bugzilla. Better still, provide a PR to
implement the change.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org