From users-return-95118-archive-asf-public=cust-asf.ponee.io@wicket.apache.org Mon Dec 16 07:11:57 2019 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [207.244.88.153]) by mx-eu-01.ponee.io (Postfix) with SMTP id 979E0180658 for ; Mon, 16 Dec 2019 08:11:57 +0100 (CET) Received: (qmail 1975 invoked by uid 500); 16 Dec 2019 07:11:56 -0000 Mailing-List: contact users-help@wicket.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@wicket.apache.org Delivered-To: mailing list users@wicket.apache.org Received: (qmail 1963 invoked by uid 99); 16 Dec 2019 07:11:56 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd2-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 16 Dec 2019 07:11:56 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id 92BB51A4242 for ; Mon, 16 Dec 2019 07:11:55 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 1.501 X-Spam-Level: * X-Spam-Status: No, score=1.501 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_REPLY=1, HTML_MESSAGE=0.2, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URI_NOVOWEL=0.5] autolearn=disabled Authentication-Results: spamd2-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-he-de.apache.org ([10.40.0.8]) by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024) with ESMTP id 7XpZhsUtEgXZ for ; Mon, 16 Dec 2019 07:11:54 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=2607:f8b0:4864:20::72c; helo=mail-qk1-x72c.google.com; envelope-from=shengchehsiao@gmail.com; receiver= Received: from mail-qk1-x72c.google.com (mail-qk1-x72c.google.com [IPv6:2607:f8b0:4864:20::72c]) by mx1-he-de.apache.org (ASF Mail Server at mx1-he-de.apache.org) with ESMTPS id 9F2677DDD3 for ; Mon, 16 Dec 2019 07:11:53 +0000 (UTC) Received: by mail-qk1-x72c.google.com with SMTP id k6so2088003qki.5 for ; Sun, 15 Dec 2019 23:11:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=4NYzgjdtoOVhV6AjQgDBOFp2+gXMxns6cEjUwE/tEqY=; b=L2ehpYTpTBw9bJqa96Xc10b7HVTZva12ILjtxYRPsKFFnaDm9QBIcBhUArZ19hOWJb r+RlQgA/F8s23yypNUt2RC9nuqxC2cuX3FZ477CZR36N5qPnvtrdDc1CC53v1HgwCHzq XhRZdJr7xYvlioFCSCpeWTFURTvQNaUZx+8aI+R3eKIxw7XADXsvUrWj90aWs9Gdzk1R HW5ztXMvkERRTRyu6QyfiS2ACUpCgb8UYE/0eTQdjuStfV1UD4NtqyKJdRTu6WRLvu9S iWkZenHMni5rkaKQs3hZ7g06sc1G4MfZiYlg9rfbT9DTIZggS84uy8grQ7oJVhYFaX7Q vCgA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=4NYzgjdtoOVhV6AjQgDBOFp2+gXMxns6cEjUwE/tEqY=; b=nL9uFvDylV6nzMPv5KIpzFvYXvSFE/xNOKQhfuWal/9dADG8ydkmXqou2VdynbcgMH P2/t0JowGAdmxduYs6rEKX9hehIBl8F/FRTCJFBHemTlwyev1cdjssMV/SwE2wfllRe8 h9IlSXi6GhvKV631Dyl7Ue65WRHBMC8tTTui2VjLyqDxWS5bapMFqFJxxfsP8eR1Zqk1 oBCdkmWV32S4NrF65XOhqWvK7J2dzQ5qN9XrKahx9qOBc1cnL4+yP5ixT6DaJCpPXp22 0Td71mQM6QvSb4LcKjPXiMqr66ajC56MosS2eTlbxmmmpfOC68P8JxtsubIowQGIeP29 4xBQ== X-Gm-Message-State: APjAAAUd13HUQCq64LfmAEH41OIar3uWQLDizxFpD0z44XroQDaYhDZc VnqJy1KxC0SYEGs9+4wdnxw53aYyvGQJVVFWmzcl3rSI X-Google-Smtp-Source: APXvYqxLE6PsXTE+pvw5hcO/K34nnyKPXCs6AykOY6y2TUaMvO8hS5ULsuTg6qshzg+jKWXr5Bfnjx9zbZW1F0QZ67Q= X-Received: by 2002:a05:620a:718:: with SMTP id 24mr24566423qkc.77.1576480306571; Sun, 15 Dec 2019 23:11:46 -0800 (PST) MIME-Version: 1.0 References: <2F03427E-4D10-4C84-B1E9-F75B25D61C08@meiers.net> In-Reply-To: <2F03427E-4D10-4C84-B1E9-F75B25D61C08@meiers.net> From: Shengche Hsiao Date: Mon, 16 Dec 2019 15:11:35 +0800 Message-ID: Subject: Re: Cookie SameSite issue To: Wicket User Mailinglist Content-Type: multipart/alternative; boundary="000000000000ab2dc50599cceceb" --000000000000ab2dc50599cceceb Content-Type: text/plain; charset="UTF-8" I solve it with add header.conf on apache httpd server Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure;SameSite=None On Mon, Dec 16, 2019 at 2:53 PM Sven Meier wrote: > Hi, > > the Servlet spec doesn't support the "sameSite" attribute yet. You can > explicitly set a cookie header instead. > Or instruct Tomcat to add the attribute for you: > > > https://stackoverflow.com/questions/57505939/how-to-set-samesite-cookie-in-tomcats-cookie-processor > > Have fun > Sven > > > Am 16. Dezember 2019 03:19:10 MEZ schrieb ShengChe Hsiao < > front713@gmail.com>: > >Dear all > > > >Recently, I found chrome's developer console shows alert about > >cookie SameSite... > >A cookie associated with a cross-site resource at > >https://xxxxxxx.xxxx.xxxx/ > >was set without the `SameSite` attribute. A future release of Chrome > >will > >only deliver cookies with cross-site requests if they are set with > >`SameSite=None` and `Secure`. You can review cookies in developer tools > >under Application>Storage>Cookies and see more details at > >https://www.chromestatus.com/feature/5088147346030592 and > >https://www.chromestatus.com/feature/5633521622188032. > > > >Since servlet spec doesn't support this property, how can I deal with > >it? > > > > > >-------------------------------------------------------------------- > >-----------------------------------> > >To boldly go where no man has gone before. > >-------------------------------------------------------------------- > >-----------------------------------> > >We do this not because it is easy. We do this because it is hard. > >----------------------------------------------------------------- > >--------------------------------------> > >If I have seen further it is by standing on the shoulders of giants. > >---------------------------------------------------------- > >---------------------------------------------> > >front713@gmail.com > > >---------------------------------------------------------------------------------------------> > -- -----------------------------------------------------------------------> We do this not because it is easy. We do this because it is hard. -----------------------------------------------------------------------> ShengChe Hsiao -----------------------------------------------------------------------> front713@gmail.com front713@tc.edu.tw -----------------------------------------------------------------------> VoIP : 070-910-2450 -----------------------------------------------------------------------> --000000000000ab2dc50599cceceb--