[jira] [Commented] (WICKET-7037) [Ajax Download] cookie used to track download complete misses the SameSite attribute

Tue, 04 Apr 2023 03:36:40 -0700 


    [ 
https://issues.apache.org/jira/browse/WICKET-7037?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17708355#comment-17708355
 ] 

ASF GitHub Bot commented on WICKET-7037:
----------------------------------------

reiern70 commented on PR #567:
URL: https://github.com/apache/wicket/pull/567#issuecomment-1495732184

   > > In our case init parameter of servlet context will be enough :))
   > 
   > If Wicket won't set this value into some **Settings bean then there is 
nothing to do here. The application can set the extra init-param in its 
web.xml/annotation and read it from the ServletContext.
   
   Yes... but then for all the AjaxDonwloadBehaviors you will need to:
   
   1. Read this parameter 
   2. Adapt your code to do `ajaxDonwloadBehavior.setAttribute("SameSite", 
"What you read from parameter");
   
   @solomax 
   
   You can allways roll you own AjaxDonwloadBehavior and do
   
   ```
   class MyAjaxDonwloadBehavior extends AjaxDonwloadBehavior {
   
        MyAjaxDonwloadBehavior(IResource resource) {
          super (resource);
          setSameSite("read it from somewhere");
        }
   }
   ```
   
   But I stilll see the value of fixing some site without tocuhing your code 
(mind that for wicket 9.x you still will need to configure application server 
to decorate cookies).




> [Ajax Download] cookie used to track download complete misses the SameSite 
> attribute
> ------------------------------------------------------------------------------------
>
>                 Key: WICKET-7037
>                 URL: https://issues.apache.org/jira/browse/WICKET-7037
>             Project: Wicket
>          Issue Type: Bug
>    Affects Versions: 9.12.0
>            Reporter: Ernesto Reinaldo Barreiro
>            Assignee: Ernesto Reinaldo Barreiro
>            Priority: Major
>             Fix For: 10.0.0, 9.13.0
>
>         Attachments: image-2023-04-02-11-58-25-399.png
>
>
> Firefox produces the following warining when using AjaxDownload
> Cookie “wicket-ajaxdownload-id63-0” does not have a proper “SameSite” 
> attribute value. Soon, cookies without the “SameSite” attribute or with an 
> invalid value will be treated as “Lax”. This means that the cookie will no 
> longer be sent in third-party contexts. If your application depends on this 
> cookie being available in such contexts, please add the “SameSite=None“ 
> attribute to it. To know more about the “SameSite“ attribute, read 
> [https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite]
>  
> from 
>  
> !image-2023-04-02-11-58-25-399.png!



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to