On 14/12/2023 21:15, André van der Lugt wrote:
From: Chuck Caldarale <mailto:[email protected]>
Sent: Wednesday, November 15, 2023 9:48 AM
To: Tomcat Users List <mailto:[email protected]>
Subject: [EXTERNAL] - Re: Partitioned cookies
On Nov 15, 2023, at 08:06, Adam Warfield
<mailto:[email protected]> wrote:
The Rfc6265CookieProcessor supports setting the SameSite cookie attribute
but starting in 2024, browsers will begin enforcing the newer "Partitioned"
attribute for third-party cookies. Is there a way to set this attribute within
Tomcat for things like the JSESSIONID and XSRF-TOKEN cookies? This affects
any webapps that are embedded within iframes across domains where those
cookies will be rejected if not partitioned.
Looks like the CHIPS proposal:
https://datatracker.ietf.org/doc/draft-cutler-httpbis-partitioned-cookies/
expired this past May and no updated version has been submitted to IETF. Is
there some other active standards document describing cookie partitioning?
- Chuck
Standard or not, Google/Chrome is moving on and will (as noted above) soon
start to gradually reject third-party cookies without the Partitioned attribute.
I'm kindly asking the experts: is Tomcat support for this feature being planned?
No.
If not, what can be done to modestly prioritize it?
Open an enhancement request in Bugzilla. Better still, provide a PR to
implement the change.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
