Mailing List webobjects-dev@wocommunity.org Messaggio #491
Da: D Tim Cummings <tim@triptera.com.au>
Oggetto: SameSite Cookie warning
Data: Wed, 28 Feb 2024 09:26:19 +1000
A: WebObjects & WOnder Development <webobjects-dev@wocommunity.org>
 Intestazione del messaggio

Testo originale del messaggio

Hi all

I am getting warnings in firefox developer tools when running WebObjects/Wonder application.

Cookie “wosid” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite

I am getting the same warning for "wosid", "woinst" and "routeid_myapp" cookies.

It looks like I can set properties

er.extensions.ERXSession.cookies.SameSite=strict
er.extensions.ERXSession.useSecureSessionCookies=true

and that fixes the "wosid" and "woinst" cookies but not the "routeid_myapp" cookie. 

I can override ERXApplication.addBalancerRouteCookie(WOContext context) to apply the same settings but this seems like a bit of a hack considering the elegant solution available for the other two cookies. What are other people doing?

Cheers

Tim


Iscrizione modo messaggi Iscrizione modo riassunto Iscrizione modo index Cancella Scrivi al Listmaster