You are viewing the documentation for Blueriq 17. Documentation for other versions is available in our documentation directory.

Blueriq SameSite cookie attribute

The SameSite cookie attribute declares whether the browser sends Blueriq's cookies with cross-site requests. More and more browsers block cookies from being sent when this attribute is not set correctly. For more information, see https://owasp.org/www-community/SameSite.

Blueriq has two properties: one enables the attribute and the other sets its value.

The attribute can have 3 possible values: 

  • strict: cookies are only sent when the origin of the requesting page is the same as that of the resource it is accessing.
  • lax: cookies are only attached to requests from the same origin or to top-level redirects.
  • none: the cookie is attached to the request regardless of the request's origin or type.


By default, the SameSite attribute of the cookie is disabled.

Enabling the SameSite cookie attribute can be done by configuring the following property:

application.properties

blueriq.security.cookie-same-site.enabled=true


If SameSite is enabled, the value defaults to strict.

Setting the value of the SameSite cookie attribute can be done by configuring the following property:

application.properties

blueriq.security.cookie-same-site.value=strict

The SameSite value can be one of the following three values, which are explained above:

  • strict
  • lax
  • none
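
To confirm that the two properties above took effect, inspect the Set-Cookie headers the Runtime returns. The script below is an added example, not Blueriq code: it parses Set-Cookie header values and reports a missing, unexpected or invalid SameSite attribute, plus SameSite=None without the Secure attribute. The cookie name JSESSIONID, the path /runtime and the sample headers are constructed assumptions.

```python
# Added example: audit the SameSite attribute on Set-Cookie header values.
VALID = {"strict", "lax", "none"}  # the three values listed on this page

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (cookie name, attribute dict)."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()  # attribute names are case-insensitive
    return name, attrs

def audit_cookie(header, expected="strict"):
    """Return a list of findings for one Set-Cookie header value."""
    name, attrs = parse_set_cookie(header)
    same_site = attrs.get("samesite")
    if same_site is None:
        # This is what a response looks like while the attribute is disabled.
        return [f"{name}: SameSite attribute missing"]
    findings = []
    value = same_site.lower()
    if value not in VALID:
        findings.append(f"{name}: unknown SameSite value {same_site!r}")
    elif value != expected.lower():
        findings.append(f"{name}: SameSite={same_site}, expected {expected}")
    if value == "none" and "secure" not in attrs:
        # Chromium-based browsers reject SameSite=None cookies that lack Secure.
        findings.append(f"{name}: SameSite=None without Secure")
    return findings

# Constructed sample headers (not captured from a real Blueriq Runtime).
SAMPLES = [
    "JSESSIONID=abc123; Path=/runtime; HttpOnly",
    "JSESSIONID=abc123; Path=/runtime; HttpOnly; SameSite=Strict",
    "JSESSIONID=abc123; Path=/runtime; HttpOnly; SameSite=None",
    "JSESSIONID=abc123; Path=/runtime; Secure; HttpOnly; SameSite=Lax",
]

if __name__ == "__main__":
    for header in SAMPLES:
        for line in audit_cookie(header) or ["ok: " + header]:
            print(line)
```

Pass the configured blueriq.security.cookie-same-site.value as `expected` when it is not strict.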