63947 – Rfc6265CookieProcessor won't output SameSite=None

Bug 63947 - Rfc6265CookieProcessor won't output SameSite=None

Summary: Rfc6265CookieProcessor won't output SameSite=None

Status:	RESOLVED DUPLICATE of bug 63865

Alias:	None

Product:	Tomcat 9
Classification:	Unclassified
Component:	Util (show other bugs)
Version:	9.0.27
Hardware:	PC Mac OS X 10.1

Importance:	P2 normal (vote)
Target Milestone:	-----
Assignee:	Tomcat Developers Mailing List

URL:
Keywords:

Depends on:
Blocks:

Reported:	2019-11-21 10:27 UTC by Matthew Buckett
Modified:	2019-11-21 12:30 UTC (History)
CC List:	0 users

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Matthew Buckett 2019-11-21 10:27:43 UTC

With the upcoming change to Google Chrome will mean that any cookie without a SameSite=None attribute will be treated as though it has SameSite=Lax (https://www.chromestatus.com/feature/5088147346030592). Currently the Rfc6265CookieProcessor doesn't allow you to output a SameSite=None attribute as when you try the cookie processor ignores it as previously not outputting the values was equivalent.

Could we allow the Rfc6265CookieProcessor to output SameSite=None so that I can use this to revert the behaviour of Chrome to sending Cookies on cross domain requests?

Comment 1 Mark Thomas 2019-11-21 12:30:01 UTC


*** This bug has been marked as a duplicate of bug 63865 ***