Mark,
On 12/15/23 04:03, Mark Thomas wrote:
On 14/12/2023 21:15, André van der Lugt wrote:
From: Chuck Caldarale <mailto:n82...@gmail.com>
Sent: Wednesday, November 15, 2023 9:48 AM
To: Tomcat Users List <mailto:users@tomcat.apache.org>
Subject: [EXTERNAL] - Re: Partitioned cookies
On Nov 15, 2023, at 08:06, Adam Warfield
<mailto:awarf...@opentext.com.INVALID> wrote:
The Rfc6265CookieProcessor supports setting the SameSite cookie
attribute
but starting in 2024, browsers will begin enforcing the newer
"Partitioned"
attribute for third-party cookies. Is there a way to set this
attribute within
Tomcat for things like the JSESSIONID and XSRF-TOKEN cookies? This
affects
any webapps that are embedded within iframes across domains where those
cookies will be rejected if not partitioned.
Looks like the CHIPS proposal:
https://datatracker.ietf.org/doc/draft-cutler-httpbis-partitioned-cookies/
expired this past May and no updated version has been submitted to
IETF. Is
there some other active standards document describing cookie
partitioning?
- Chuck
Standard or not, Google/Chrome is moving on and will (as noted above)
soon start to gradually reject third-party cookies without the
Partitioned attribute.
I'm kindly asking the experts: is Tomcat support for this feature
being planned?
No.
If not, what can be done to modestly prioritize it?
Open an enhancement request in Bugzilla. Better still, provide a PR to
implement the change.
No need, right? Tomcat 10 has Cookie.setAttribute(), as I mentioned back
on 2023-11-16 in response to the OP.
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
