Atozed Forums Atozed Software Products IntraWeb English IntraWeb General Discussion v
SameSite := ssoNone is not added to header response

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Thread Modes
SameSite := ssoNone is not added to header response
mhammady Offline
Junior Member
**
Posts: 46
Threads: 19
Joined: Mar 2018
Reputation: 3
Location: US
#1
10-14-2023, 01:55 AM (This post was last modified: 10-14-2023, 07:38 PM by mhammady. Edit Reason: update image )
I need my app to be used from an iframe. When I set up a standalone server to use SSL and set CookieOptions.SameSite=ssoNone, the SameSite=None is not written resulting in the web browser considering it absent and defaulting to SameSite=Lax

I've seen this behavior in Chrome & Edge. With Firefox if SameSite=None is missing consider it as "None"

Can anyone please advise why SameSite is not showing when set to None?

PS: IW15.2.65

Thank you


Attached Files Thumbnail(s)
   
Find
Reply
Alexandre Machado Offline
Administrator
*******
Posts: 2,205
Threads: 186
Joined: Mar 2018
Reputation: 79
Location: Auckland, New Zealand
#2
10-16-2023, 11:05 PM
Not sure how to change this behaviour without changing IW's source code... Browsers are adopting Lax whenever the attribute is empty or doesn't exist, indeed.

I'll give it a thought. In our code base this has been fixed already
Find
Reply
mhammady Offline
Junior Member
**
Posts: 46
Threads: 19
Joined: Mar 2018
Reputation: 3
Location: US
#3
10-17-2023, 11:44 AM
Thanks Alex, so the solution is to upgrade to the latest version? Fixed in v 15.4.x?
Find
Reply
Alexandre Machado Offline
Administrator
*******
Posts: 2,205
Threads: 186
Joined: Mar 2018
Reputation: 79
Location: Auckland, New Zealand
#4
10-17-2023, 09:50 PM
It will be available in the next update. If you've been using the latest version, please wait a few more days and we can release an update for it.
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)