X-CGP-ClamAV-Result: CLEAN X-VirusScanner: Niversoft's CGPClamav Helper v1.25a (ClamAV 0.103.11/27198) X-Junk-Score: 0 [] X-KAS-Score: 0 [] Return-Path: Received: from mail.triptera.au ([175.45.182.215] verified) by post.selbstdenker.com (CommuniGate Pro SMTP 6.3.18) with ESMTPS id 32127870 for webobjects-dev@wocommunity.org; Wed, 28 Feb 2024 00:26:39 +0100 Received-SPF: pass receiver=post.selbstdenker.com; client-ip=175.45.182.215; envelope-from=tim@triptera.com.au Received: from localhost (localhost [127.0.0.1]) by mail.triptera.au (Postfix) with ESMTP id 3C038A04EA for ; Wed, 28 Feb 2024 09:26:24 +1000 (AEST) X-Virus-Scanned: Debian amavisd-new at mail.triptera.au Received: from mail.triptera.au ([127.0.0.1]) by localhost (mail.triptera.au [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ifl-Yit0XRY5 for ; Wed, 28 Feb 2024 09:26:19 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=triptera.com.au; s=202212; t=1709076379; bh=NirTUfVp6TlN3RgF+clt5DQ4d0Glj+HDm69kxjFcEhI=; h=Date:To:From:Subject:From; b=chFa5XhAIYQ6cM7jHjo/O5742nwzMl8f9Clt1l4m3c4r+Us57+nXhgo2zPbBt0KaQ 1ge/33wiOY1Zv7p79mhfxDAliN50V3O5uCWzjOefSzgFP0pClp2vg+aInT3hoNKqdu zw5pqi0lIw0lrsrsr0TK/b9FnOoOHhbNlnsU5+MZ8IGStH3TsmfTMY0RegXbl0wvUf M6z+pPBolG4U32cDmfovsJ8CUE+kcklT/85oDtfkQRvBO18ZC+CgoTIDOlzxABPXWb rD1Iorwf7Wgdn8cc7hJQm98Jx/w3JiVDAP8OCUbdsKkUv5vdez9QnvwYJDQV6Pt09O XE2XTiRf0UIBw== Content-Type: multipart/alternative; boundary="------------ysvBuWUxqKXw9TaP7Y8WGg8I" Message-ID: <97567a4f-4ad0-4e62-8c8f-9a2084e03f49@triptera.com.au> Date: Wed, 28 Feb 2024 09:26:19 +1000 MIME-Version: 1.0 Content-Language: en-AU To: WebObjects & WOnder Development From: D Tim Cummings Subject: SameSite Cookie warning Autocrypt: addr=tim@triptera.com.au; keydata= xsFNBFq0tuUBEADBtNgYk7i9klKGHU8MvSEBlXugZyGE9O07XCJ7R68HT/3XL4OXHYt1PBxM mrnvcyGom0+kGvd0Wp4EH7IM0QYCDelw0UzfASBlAAvgKrK6+MNBC6F8w5YNmT8T4wAoDaTH ChwFNqOoyqe1zFw2H17qFRuC4X0mQ6ArrEhtzGaYLtdAWHxOf8jft+LDSjSqIiLMqur/zfVv V4IJ8jY9rIZ04j1lLDGxvD+4iKlFVm1L9jdJZzMHjkB0zXIlCOboapky08kYZ4fS+PXCsJOz hNw1Bra6XH3rjIM2mPHDFyk+n+gii9z3UAE9VORcqDDl75J4dS7pNyUqPskHxIJQ8HOa7xVT gfHndwmYRIflURzbv5hpIDgN6E9YPz2ZTDTdy9VYwd4l+LEUNphPY+O13NV357VImOKOYLGM rYfYJMb6Wh8XwL6X4MSV956DkdWGS78HJ0CTyWm0s/sh/DG/bQfPLZuID7C9HWhHi98eliN1 V7lmK8rgiRK2eFjTKRxuy4U02GFskKoW4Ja/qqSG7/carUQKrvlJxRnTMnZ4Pu/LGOy9B6Ph ELHMm0srR786wJSeCHWvifoEUORVIBghlCtSkQSqeXG3fPk0zt/wfl63GkRfmwDe7WqHCSe2 5pwD553FpuSP1D6Trh9Ny4uleITxm+xkNAELimyonM95FWweqwARAQABzSREIFRpbSBDdW1t aW5ncyA8dGltQHRyaXB0ZXJhLmNvbS5hdT7CwZcEEwEKAEECGwMFCwkIBwMFFQoJCAsFFgID AQACHgECF4ACGQEWIQRl8aMTFErJeHdWmq5+9CzFgbhWGAUCYAqldwUJC0nYAAAKCRB+9CzF gbhWGClWD/4gDCT54EMrPMbpubf/+JdUwo6V8kLsJ6QxspGWQOtFcPdgjh3rkP65gWzpTka3 x68OFJCUBfMB5TeTE5alq/9v7g+BRExyj9oiXukbIgKXuBEUBD6aQCZbfFz/yvXUjVUKJ3J9 Ia/DNKiIpvXg0pv1df+ll5xxrzkGnDs4hstcoW3G3bRMfjgioj8FoQiRe8tRsvZ3Gy1fo7/W 0GYIcEe+GLQPs2sjeMxxwKRixI7C68O/9LnI6gVvwmgndQLNcS9S6lBvI/JIXpozFXYK7Z6o vjdi5Q+s82b0okEGw9uCmGhwN5wiH36d8fjm29QKxkyqyMsC0pe8KtRxY8Xn/v66He0X1Btk Jrq0pzbHnSxcqAOWA6jW/08/3R9fSt7eZfdlfwFpz8N0gQMS0JCU+PS/i9spq5lx1RC7lCTD hXeVWnZuS76y12bROdoyPmTXfOegzgyz1+VHTAPElq/lkRHFZ795526x7IOxTqf+aemptdSP 8ZgLy3j+JMtDf+hokJSmcu2Q3gW8SMZ6dIwkybFckazXTqO5K5jx7MpOTCn1oJhpYX2thN/p RWyqEaQoE/9v1VaNiHl1mNxSac12Io00Mw1swv8ZfCqcleTyPj7JNm4n1+FRa7SVz419k4+t MvUUn6HC9pbAbH8ozouS67TapNotPfdlWS3NVjPDQtJJEM7BTQRatLblARAA28WryHTE6AG7 /AGZwoCPiFz8D7iOoXLqWY/v0xc92m+52IfRbWnt31oMbfm3mBCSxn8XcRyiCkrL0GQ3l+1I T7ifRDXFOYx+scwNLfDt4x9QCxVdDh66Dc0xiB7eq+0qBYM2tmUfhh8ks/Ixqq+C+AfJXFcc sv8aFnDfSr/1a3nZg1cvBpfCkOiTKlr0teuVL/X9sYzU5hu4B6/dNoByZ/evDu+0+o/Wab3K QCMlmicNZ06qVCYspqikwNkn3WHtr0E1Noh30gKoKlC7RF2fGiGGKN9gdgocURn8Rg3oNs79 wbC+Z+G4oRQb8ckLmsecdmryTpfYJeQfRmamAixG80qHfCF0cPuyTt9iYBa2l83r7rFJa9ya 0eSDRLRjlgylhPSjMjTsWeXz5yh+SzTZbgHpvhZykj3BAcsCJNDbo/lOClX/cb2jh8hSwz60 luAFGDCT+naBSJL4aRFaoqPYQfqVrVQQZgzO+DCstOFV/Zx2f6tJ50E0wrIYyGGN5yloBV/N aTcHvkauwdJzdHe9thOy4aoEsgLQN2av07eUhrR015KSBjKgBain9ks6/OqMbXdRH8xZljEh ndwR1FmiDH4WodO6BukwjygbpukSl6yfj8SfeShr795eV0R5r2gMoAzb2fiJk1qPvF1R8dn/ yfvfvUjXcMUS+txzpnXkxu0AEQEAAcLBfAQYAQoAJgIbDBYhBGXxoxMUSsl4d1aarn70LMWB uFYYBQJhn/xuBQkLSdgAAAoJEH70LMWBuFYYZb8P/R3DVVUFFGXVoKnWSgN+D1d1R/V+Iwsd gxsiIS+0wL7rnjQ96K5KVBL/+knGo7a5kd6LpTpX6IlED7p5Q3mrS0/yUrLPuqCd0SjcZnc8 efrQPArdUy9/MJ70Kil5Hx5V0X0OVfQTteafT0qtoqtI7rFI8LNpRJXOUyjWNAojleB3Wso8 unyjHcTwp8FXNxejjJY3VUNn/rup1HDnCa70LPJgv3r16GPUShJ3pg4N6vPcCmx9qOPzhajJ sylCVO0/NowhOG2997mvYn4PavhaSZWm7ZQwHersWG7D86jYWu6fLNzL+BXhaBEh8VO8o7js nAV13EslB60ZOhkJJW0v+Uj1oY/vNRzlZoCIj1iFGw4gJroGN32ngqJzZMZUykfQBC0FsWtv 9Hkh3gme0nbH/4y0O0Opyz66wky6CXS6+3UnWeshExcLLYHhWBCxI73FC0nlbFcJGMunkY3b gsRxF0mQV0P3nWBBtcJ1uHcwDvKcacjr2mGB1nId2sBUeXtVR7C5rmpdYJqA4SjE/3QQ4XVj i/6qxN4nLYXGrPKogh7NA2RNWHUH4KUXGj/sxM+1oDkRcMwj8EIBjIe/TG0l3poAPevE7zBO sfqm+snNLFq7sqg3arEAF0x2uKHD4lwK8owIdY6684GJULjj45wsu57UEBkiVFssxVoEPQ4G SrmT This is a multi-part message in MIME format. --------------ysvBuWUxqKXw9TaP7Y8WGg8I Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Hi all I am getting warnings in firefox developer tools when running WebObjects/Wonder application. /Cookie “wosid” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite/ I am getting the same warning for "wosid", "woinst" and "routeid_myapp" cookies. It looks like I can set properties er.extensions.ERXSession.cookies.SameSite=strict er.extensions.ERXSession.useSecureSessionCookies=true and that fixes the "wosid" and "woinst" cookies but not the "routeid_myapp" cookie. I can override ERXApplication.addBalancerRouteCookie(WOContext context) to apply the same settings but this seems like a bit of a hack considering the elegant solution available for the other two cookies. What are other people doing? Cheers Tim --------------ysvBuWUxqKXw9TaP7Y8WGg8I Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 8bit

Hi all

I am getting warnings in firefox developer tools when running WebObjects/Wonder application.

Cookie “wosid” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite

I am getting the same warning for "wosid", "woinst" and "routeid_myapp" cookies.

It looks like I can set properties

er.extensions.ERXSession.cookies.SameSite=strict
er.extensions.ERXSession.useSecureSessionCookies=true

and that fixes the "wosid" and "woinst" cookies but not the "routeid_myapp" cookie. 

I can override ERXApplication.addBalancerRouteCookie(WOContext context) to apply the same settings but this seems like a bit of a hack considering the elegant solution available for the other two cookies. What are other people doing?

Cheers

Tim


--------------ysvBuWUxqKXw9TaP7Y8WGg8I--