SameSite=None cookie attribute is not supported #89
Comments
As quarkus-http is based on vert.x you can use the vert.x routing context to set same site cookies, or use Quarkus's same site config mechanism: http://quarkus.io/guides/http-reference#same-site-cookie Basically it allows you to set the attribute based on a cookie name.
Thank you for the tip, however the relevant vertx extension doesn't handle cookies set by undertow properly, since Unfortunately, due to the above, Quarkus' After having a closer look into the two Here is a sample POC implementation, I believe it would make sense to adapt Quarkus' same-site-cookie handling implementation accordingly
Is there any other way to intercept the response and alter the
Hi! We have the same problem with application.yml
TestController
As a result
Is there any known workaround for this? In my case, the application I am using needs to be loaded in an iframe from another site and can no longer track sessions in the iframe because of the browser's cookie policy.
I have opened #97 which backports the upstream Undertow samesite support. Once it is in and released we can integrate it with the existing vert.x config.
It looks like #97 was merged. What are the steps to be able to take advantage of it?
@aelfric A workaround is to handle this in `META-INF/undertow-handlers.conf`
Sorry, just saw this update, but that undertow-handlers workaround doesn't seem to do it for me. I just bumped the quarkus version to 2.15.3 but still not able to get the cookies working as expected.
Dear community, Any updates here? Quarkus 3.6 will be out soon and still there seems to be this bug. The documentation from https://quarkus.io/guides/http-reference Point 14 says that: One can easily add a SameSite cookie property to any of the cookies set by a Quarkus endpoint by listing a cookie name and a SameSite attribute, for example: This does not seem to work though, with or without the Vert.x extension. With the web.xml file, you can set secure and path, but not SameSite. I also tried to set in the undertow conf file: path(/)->samesite(‘None’), without any success either. If someone knows any other possibility, please feel free to share it. Any help massively appreciated! Thank you and best regards
Since undertow version 2.1.0.Final (feature UNDERTOW-1600), Undertow supports `SameSite=None` attributes in cookies, through the `SameSiteCookieHandler`.

Unfortunately, it seems that quarkus-http has been left behind with undertow's latest developments.

Are there any plans to catch up with undertow's latest versions, or otherwise is there any other way to enable the `SameSite=None` cookie attribute with Quarkus when using Undertow?
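
An added example, not part of the issue thread or the quarkus-http code base: a small check for whether the `Set-Cookie` headers an application emits would survive in a cross-site iframe, which is the symptom reported in this thread. It assumes the "SameSite by default" behaviour of Chromium-style browsers (no attribute is treated as `Lax`, and `SameSite=None` is rejected without `Secure`); the sample headers and cookie names are constructed.

```python
"""Audit Set-Cookie header values for cross-site (iframe) usability."""


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, {lowercased attribute: value})."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs


def cross_site_verdict(header):
    """Classify a cookie the way a SameSite-by-default browser would (assumption)."""
    name, attrs = parse_set_cookie(header)
    same_site = attrs.get("samesite", "").lower()
    secure = "secure" in attrs  # flag attribute, has no value
    if same_site == "none":
        if secure:
            return name, "sent-cross-site"
        return name, "rejected: SameSite=None without Secure"
    if same_site in ("lax", "strict"):
        return name, "blocked-cross-site: SameSite=" + same_site.capitalize()
    return name, "blocked-cross-site: SameSite missing or unrecognized, treated as Lax"


# Constructed sample headers, not captured from any real deployment.
SAMPLE_HEADERS = [
    "JSESSIONID=abc123; Path=/; HttpOnly",
    "JSESSIONID=abc123; Path=/; HttpOnly; SameSite=None",
    "JSESSIONID=abc123; Path=/; HttpOnly; Secure; SameSite=None",
    "prefs=dark; Path=/; SameSite=Lax",
]


def audit(headers):
    """Return a (cookie name, verdict) pair for every header value."""
    return [cross_site_verdict(h) for h in headers]


if __name__ == "__main__":
    for cookie_name, verdict in audit(SAMPLE_HEADERS):
        print(f"{cookie_name}: {verdict}")
```

Feeding it the `Set-Cookie` values copied from the browser's network panel shows whether a configuration change actually reached the response.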