[ https://issues.apache.org/jira/browse/OFBIZ-13284?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18013868#comment-18013868 ]
ASF subversion and git services commented on OFBIZ-13284:
---------------------------------------------------------
Commit 6ef97ef0687d062365073a061418349dd7acd2fd in ofbiz-framework's branch
refs/heads/release24.09 from Sandeep Rajput
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=6ef97ef068 ]
Fixed: Support for Add default browser security headers in writeJSONtoResponse
(OFBIZ-13284) (#907)

This is to ensure SameSite cookies are sent on response.

Currently, the writeJSONtoResponse method correctly sends the JSON
response, but it does not include the SameSite attribute in the default
security headers. As a result, the SameSite cookie is not returned in
the browser response.

Expected Behavior:
1. writeJSONtoResponse should set default security headers for the
   response.
2. SameSite attribute should be correctly applied to all cookies sent in
   the response.
3. The browser should receive and respect the SameSite cookie.

Thanks: Sandeep Rajput
> Set default security headers in writeJSONtoResponse and ensure SameSite
> cookie is returned
> ------------------------------------------------------------------------------------------
>
> Key: OFBIZ-13284
> URL: https://issues.apache.org/jira/browse/OFBIZ-13284
> Project: OFBiz
> Issue Type: Bug
> Components: framework/common
> Affects Versions: 24.09.02
> Reporter: Sandeep Rajput
> Assignee: Jacques Le Roux
> Priority: Major
> Fix For: 24.09.03
>
>
> Currently, the writeJSONtoResponse method correctly sends the JSON response,
> but it does not include the SameSite attribute in the default security
> headers. As a result, the SameSite cookie is not returned in the browser
> response.
> *Expected Behavior:*
> # writeJSONtoResponse should set default security headers for the response.
> # SameSite attribute should be correctly applied to all cookies sent in the
> response.
> # The browser should receive and respect the SameSite cookie.
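A regression check for the behaviour described in this issue, as an added example that is not OFBiz code or part of the commit: it audits the headers captured from a JSON response and reports cookies that lack a valid SameSite attribute. The header names in `REQUIRED_HEADERS`, the sample cookie and both captured responses are assumptions constructed for illustration; the page does not enumerate the default security headers.

```python
# Added example: audit captured response headers from a JSON endpoint.
# REQUIRED_HEADERS is an assumption; adjust it to the deployment's baseline.
REQUIRED_HEADERS = ("x-content-type-options",)
VALID_SAMESITE = ("strict", "lax", "none")


def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie_name, {attribute: value})."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_response(headers):
    """headers: list of (name, value) pairs. Returns a list of findings."""
    findings = []
    seen = {name.lower() for name, _ in headers}
    for required in REQUIRED_HEADERS:
        if required not in seen:
            findings.append(f"missing header: {required}")
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        cookie, attrs = parse_set_cookie(value)
        samesite = attrs.get("samesite", "").lower()
        if samesite not in VALID_SAMESITE:
            findings.append(f"cookie {cookie}: no valid SameSite attribute")
        elif samesite == "none" and "secure" not in attrs:
            # Browsers reject SameSite=None cookies that are not Secure.
            findings.append(f"cookie {cookie}: SameSite=None without Secure")
    return findings


# Constructed samples: a JSON response before and after the expected behaviour.
BEFORE = [("Content-Type", "application/json"),
          ("Set-Cookie", "JSESSIONID=abc123; Path=/; HttpOnly")]
AFTER = [("Content-Type", "application/json"),
         ("X-Content-Type-Options", "nosniff"),
         ("Set-Cookie", "JSESSIONID=abc123; Path=/; HttpOnly; Secure; SameSite=Strict")]

if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_response(sample) or "ok")
```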