-
Bug
-
Resolution: Unresolved
-
Critical
-
None
-
33.0.0.Final
-
None
-
---
-
---
Servlet 6.0 added support for arbitrary cookie attributes [1], however, WildFly was never updated to support this.
e.g.
A valid web.xml containing the following currently throws a parser error:
<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee" version="6.0"> <session-config> <cookie-config> <attribute> <attribute-name>SameSite</attribute-name> <attribute-value>None</attribute-value> </attribute> </cookie-config> </session-config> </web-app>
I'm filing this as a critical bug since this breaks compliance with the servlet specification. Apparently, the Servlet TCK was never updated to validate compliance for this new feature [2].
[1] https://github.com/jakartaee/servlet/issues/175
[2] https://github.com/jakartaee/servlet/pull/401
To fix this, we need the following:
- A new release of jboss-metadata containing metadata/parser support
- A new release of Undertow, containing updates to io.undertow.servlet.api.ServletSessionConfig to support arbitrary cookie attributes.
- Changes the Undertow subsystem model/schema to support for arbitrary attributes within /undertow=subsystem/servlet-container=*/setting=session-cookie and affinity-cookie
- Changes to UndertowDeploymentInfoService to apply default cookie attributes from subsystem model and metadata to the ServletSessionConfig of the DeploymentInfo.
- is blocked by
-
-
- Coding In Progress
-
-
-
- Coding In Progress
-
- split to
-
WFLY-19568 Add support for arbitrary cookie attributes for session-cookie, affinity-cookie, sso cookie, etc.
-
- Open
-