Blueriq SameSite cookie attribute
The SameSite cookie attribute declares whether Blueriq cookies are sent with cross-site requests. More and more browsers block cookies from being sent when this attribute is not set correctly. For more information, see https://owasp.org/www-community/SameSite.
Blueriq 15 introduces two properties that enable the attribute and make it possible to declare its value.
The attribute can have 3 possible values:
- strict: cookies are only sent when the origin of the requesting page is the same as that of the resources it is accessing.
- lax: cookies are only attached to requests from the same origin or to top-level redirects.
- none: the cookie is attached to the request regardless of the request's origin or type.
By default, the SameSite attribute of the cookie is disabled.
Enabling the SameSite cookie attribute from Blueriq version 15.0 onwards can be done by configuring the following property:
application.properties
By default, the value is set to strict if SameSite is enabled.
Setting the value of the SameSite cookie attribute can be done by configuring the following property:
application.properties
The SameSite value can have the following three values, which are explained above:
- strict
- lax
- none
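
After changing these properties, the `Set-Cookie` headers returned by the runtime can be checked to confirm the attribute is present and usable. The script below is an added example, not Blueriq code: it audits constructed sample headers (the cookie name `JSESSIONID` and its values are assumptions) for a missing SameSite attribute, a value outside the three listed above, and `SameSite=None` without `Secure`, a combination Chrome rejects.

```python
"""Audit Set-Cookie header values for the SameSite attribute (added example)."""

VALID = {"strict", "lax", "none"}  # the three values listed on this page


def parse_set_cookie(header):
    """Split one Set-Cookie header value into (cookie name, attributes dict)."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()  # attribute names are case-insensitive
    return name, attrs


def audit_cookie(header):
    """Return (cookie name, findings); an empty findings list means no issue."""
    name, attrs = parse_set_cookie(header)
    findings = []
    if "samesite" not in attrs:
        findings.append("SameSite missing: the browser default applies")
    else:
        value = attrs["samesite"].lower()
        if value not in VALID:
            findings.append("SameSite value is not strict, lax or none")
        elif value == "none" and "secure" not in attrs:
            findings.append("SameSite=None without Secure: Chrome rejects the cookie")
    return name, findings


# Constructed sample headers; the cookie name and values are illustrative only.
SAMPLE_HEADERS = [
    "JSESSIONID=abc123; Path=/; HttpOnly",
    "JSESSIONID=abc123; Path=/; HttpOnly; Secure; SameSite=Strict",
    "JSESSIONID=abc123; Path=/; HttpOnly; SameSite=None",
    "JSESSIONID=abc123; Path=/; Secure; samesite=lax",
    "JSESSIONID=abc123; Path=/; SameSite=sometimes",
]

if __name__ == "__main__":
    for sample in SAMPLE_HEADERS:
        cookie, issues = audit_cookie(sample)
        print(cookie, "OK" if not issues else "; ".join(issues))
```

The header values to audit can be copied from the browser's developer tools or from the response headers of a request to the runtime.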