[ https://issues.apache.org/jira/browse/WICKET-7037?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17708355#comment-17708355 ]
ASF GitHub Bot commented on WICKET-7037: ---------------------------------------- reiern70 commented on PR #567: URL: https://github.com/apache/wicket/pull/567#issuecomment-1495732184 > > In our case init parameter of servlet context will be enough :)) > > If Wicket won't set this value into some **Settings bean then there is nothing to do here. The application can set the extra init-param in its web.xml/annotation and read it from the ServletContext. Yes... but then for all the AjaxDonwloadBehaviors you will need to: 1. Read this parameter 2. Adapt your code to do `ajaxDonwloadBehavior.setAttribute("SameSite", "What you read from parameter"); @solomax You can allways roll you own AjaxDonwloadBehavior and do ``` class MyAjaxDonwloadBehavior extends AjaxDonwloadBehavior { MyAjaxDonwloadBehavior(IResource resource) { super (resource); setSameSite("read it from somewhere"); } } ``` But I stilll see the value of fixing some site without tocuhing your code (mind that for wicket 9.x you still will need to configure application server to decorate cookies). > [Ajax Download] cookie used to track download complete misses the SameSite > attribute > ------------------------------------------------------------------------------------ > > Key: WICKET-7037 > URL: https://issues.apache.org/jira/browse/WICKET-7037 > Project: Wicket > Issue Type: Bug > Affects Versions: 9.12.0 > Reporter: Ernesto Reinaldo Barreiro > Assignee: Ernesto Reinaldo Barreiro > Priority: Major > Fix For: 10.0.0, 9.13.0 > > Attachments: image-2023-04-02-11-58-25-399.png > > > Firefox produces the following warining when using AjaxDownload > Cookie “wicket-ajaxdownload-id63-0” does not have a proper “SameSite” > attribute value. Soon, cookies without the “SameSite” attribute or with an > invalid value will be treated as “Lax”. This means that the cookie will no > longer be sent in third-party contexts. If your application depends on this > cookie being available in such contexts, please add the “SameSite=None“ > attribute to it. To know more about the “SameSite“ attribute, read > [https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite] > > from > > !image-2023-04-02-11-58-25-399.png! -- This message was sent by Atlassian Jira (v8.20.10#820010)