Le 27/08/2020 à 09:11, Martin Knoblauch a écrit :
Hi,
we have the following setup: Apache/httpd->mod_jk_>Apache/Tomcat.
"httpd" and "mod_jk" are recent versions, Tomcat is 9.0.12 and cannot be
upgraded. We also have only very limited influence on the application
hosted there.
Problem is that the Cookies sent by the application do not have the
"SameSite" attribute set. So far not a big deal, but with newer browsers
we get POST failures because instead of assuming a value of "None" for
the unset attribute they now assume/set "Lax".
Ideally the application could be changed to do "the right thing", or
we could tell the Tomcat CookieProcessor to set the attribute to "None".
Unfortunately not possible. See above.
Now my question is, is there a trick to do that with "httpd" or a
module? Check whether the attribute is set, if not add it to the cookie?
Thanks in advance
Martin
--
------------------------------------------------------
Martin Knoblauch
email: k n o b i AT knobisoft DOT de
www: http://www.knobisoft.de
Hi,
Cookies are just header fields.
Have you already looked at the Header directive of mod_alias [1]?
CJ
[1]: https://httpd.apache.org/docs/2.4/mod/mod_headers.html
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org