Details

    • Type: Feature Request
    • Status: Resolved (View Workflow)
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: 2.0.26.Final
    • Fix Version/s: 2.1.0.Final
    • Component/s: Core
    • Labels:
      None

      Description

      Initial SameSite Cookie support was implemented by UNDERTOW-1024 2 year ago. It was based on https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00.

      Though the specification is still draft, as per https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1, some part has been updated. For example:

      • A new "None" attribute is added in addition to "Strict" and "Lax".
      • A bare SameSite attribute is not supported. SameSite attribute needs to be set with "Strict", "Lax" or "None".

      I would like to propose the following update for SameSite Cookie support:

      • Define 3 SameSiteMode ("Strict", "Lax" and "None") as enum in io.undertow.server.handlers.Cookie
      • Implement getSameSiteMode() and setSameSiteMode() in io.undertow.servlet.spec.ServletCookieAdaptor. Servlet API has not yet supported SameSite Cookie, but this can enable SameSite flag to the Servlet Cookie through the Undertow API
      • Add SameSiteCookieHandler which can set the SameSite flag on all cookies or the cookie which matches specified name.

      In addition, as per the articles https://web.dev/samesite-cookie-recipes/ and https://www.chromium.org/updates/same-site/incompatible-clients which was written just after raising this JIRA, there are some user agents are known to be not compatible with SameSite=None attribute. So, I would like to add a utility class that can detect such incompatible clients and can be used not to send SameSite=None cookie for such clients.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  mmiura Masafumi Miura
                  Reporter:
                  mmiura Masafumi Miura
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  5 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: