[jira] [Resolved] (SHIRO-793) deleteMe cookie should use the defined "sameSite"

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

[jira] [Resolved] (SHIRO-793) deleteMe cookie should use the defined "sameSite"

Benjamin Marwell (Jira)

     [ https://issues.apache.org/jira/browse/SHIRO-793?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Brian Demers resolved SHIRO-793.
    Resolution: Resolved

> deleteMe cookie should use the defined "sameSite"
> -------------------------------------------------
>                 Key: SHIRO-793
>                 URL: https://issues.apache.org/jira/browse/SHIRO-793
>             Project: Shiro
>          Issue Type: Task
>            Reporter: Brian Demers
>            Priority: Major
>             Fix For: 2.0.0, 1.7.0
>          Time Spent: 20m
>  Remaining Estimate: 0h
> With Chrome increasing security of cookies not defining any SameSite options, the deleteMe cookie may be blocked by Chrome under some circumstances.
> For example, when an app is used within a cross-site iframe, one must defined the option SameSite=None option. This works for the main cookie, but the deleteMe is currently blocked. This commit fixes this.
> https://github.com/apache/shiro/pull/257

This message was sent by Atlassian Jira