[
https://issues.apache.org/jira/browse/WICKET-7037?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17707828#comment-17707828
]
ASF GitHub Bot commented on WICKET-7037:
----------------------------------------
martin-g commented on code in PR #566:
URL: https://github.com/apache/wicket/pull/566#discussion_r1155670713
##########
wicket-extensions/src/main/java/org/apache/wicket/extensions/ajax/wicket-ajaxdownload.js:
##########
@@ -28,7 +28,7 @@
Wicket.AjaxDownload = {
initiate : function(settings) {
document.cookie = settings.name +
- '=;path=/;Max-Age=0;expires=Thu, 01 Jan 1970
00:00:01 GMT';
+ '=;path=/;Max-Age=0;expires=Thu, 01 Jan 1970
00:00:01 GMT; SameSite=None; Secure';
Review Comment:
I just created https://issues.apache.org/jira/browse/WICKET-7038
Servlet API 6.x has the setter.
But this is only for Wicket 10.x
> [Ajax Download] cookie used to track download complete misses the SameSite
> attribute
> ------------------------------------------------------------------------------------
>
> Key: WICKET-7037
> URL: https://issues.apache.org/jira/browse/WICKET-7037
> Project: Wicket
> Issue Type: Bug
> Reporter: Ernesto Reinaldo Barreiro
> Assignee: Ernesto Reinaldo Barreiro
> Priority: Major
> Attachments: image-2023-04-02-11-58-25-399.png
>
>
> Firefox produces the following warining when using AjaxDonwload
> Cookie “wicket-ajaxdownload-id63-0” does not have a proper “SameSite”
> attribute value. Soon, cookies without the “SameSite” attribute or with an
> invalid value will be treated as “Lax”. This means that the cookie will no
> longer be sent in third-party contexts. If your application depends on this
> cookie being available in such contexts, please add the “SameSite=None“
> attribute to it. To know more about the “SameSite“ attribute, read
> [https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite]
>
> from
>
> !image-2023-04-02-11-58-25-399.png!
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
