[prev in list] [next in list] [prev in thread] [next in thread]
List: apache-httpd-users
Subject: [users@httpd] Modifying/adding cookie attributes on the fly?
From: Martin Knoblauch <knobi () knobisoft ! de>
Date: 2020-08-27 7:11:48
Message-ID: CAJtcoLYdFF_xnYtH2dYwBM0peCnH0xUMQ+Yw5u2ZP4s1dcFWpw () mail ! gmail ! com
[Download RAW message or body]
Hi,
we have the following setup: Apache/httpd->mod_jk_>Apache/Tomcat. "httpd"
and "mod_jk" are recent versions, Tomcat is 9.0.12 and cannot be upgraded.
We also have only very limited influence on the application hosted there.
Problem is that the Cookies sent by the application do not have the
"SameSite" attribute set. So far not a big deal, but with newer browsers we
get POST failures because instead of assuming a value of "None" for the
unset attribute they now assume/set "Lax".
Ideally the application could be changed to do "the right thing", or we
could tell the Tomcat CookieProcessor to set the attribute to "None".
Unfortunately not possible. See above.
Now my question is, is there a trick to do that with "httpd" or a module?
Check whether the attribute is set, if not add it to the cookie?
Thanks in advance
Martin
--
------------------------------------------------------
Martin Knoblauch
email: k n o b i AT knobisoft DOT de
www: http://www.knobisoft.de
[Attachment #3 (text/html)]
<div dir="ltr"><div>Hi,</div><div><br></div><div> we have the following setup: \
Apache/httpd->mod_jk_>Apache/Tomcat. "httpd" and "mod_jk" \
are recent versions, Tomcat is 9.0.12 and cannot be upgraded. We also have only very \
limited influence on the application hosted there.</div><div><br></div><div> Problem \
is that the Cookies sent by the application do not have the "SameSite" \
attribute set. So far not a big deal, but with newer browsers we get POST failures \
because instead of assuming a value of "None" for the unset attribute they \
now assume/set "Lax".</div><div><br></div><div> Ideally the application \
could be changed to do "the right thing", or we could tell the Tomcat \
CookieProcessor to set the attribute to "None". Unfortunately not possible. \
See above.</div><div><br></div><div> Now my question is, is there a trick to do that \
with "httpd" or a module? Check whether the attribute is set, if not add it \
to the cookie?</div><div><br></div><div>Thanks in \
advance<br></div><div>Martin<br></div><div>-- <br><div dir="ltr" \
class="gmail_signature" data-smartmail="gmail_signature"><div \
dir="ltr">------------------------------------------------------<br>Martin \
Knoblauch<br>email: k n o b i AT knobisoft DOT de<br>www: <a \
href="http://www.knobisoft.de" \
target="_blank">http://www.knobisoft.de</a></div></div></div></div>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic