Hi,

 we have the following setup: Apache/httpd->mod_jk_>Apache/Tomcat. "httpd"
and "mod_jk" are recent versions, Tomcat is 9.0.12 and cannot be upgraded.
We also have only very limited influence on the application hosted there.

 Problem is that the Cookies sent by the application do not have the
"SameSite" attribute set. So far not a big deal, but with newer browsers we
get POST failures because instead of assuming a value of "None" for the
unset attribute they now assume/set "Lax".

 Ideally the application could be changed to do "the right thing", or we
could tell the Tomcat CookieProcessor to set the attribute to "None".
Unfortunately not possible. See above.

 Now my question is, is there a trick to do that with "httpd" or a module?
Check whether the attribute is set, if not add it to the cookie?

Thanks in advance
Martin
-- 
------------------------------------------------------
Martin Knoblauch
email: k n o b i AT knobisoft DOT de
www: http://www.knobisoft.de

Reply via email to