You are viewing the documentation for Blueriq 17. Documentation for other versions is available in our documentation directory.

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Current »

Blueriq SameSite cookie attribute

With the SameSite cookie attribute it is possible to declare whether blueriq sends cookies while doing cross-site-requests.  More and more browsers are blocking the cookies from being sent when this attribute is not set correctly.

Blueriq 15 introduces two properties that enable the attribute and make it possible to declare the value of it. 

The attribute can have 3 possible values: 

  • strict: the cookies are only sent when the origin of the requesting page is the same as one of the resources it is accessing.
  • lax: cookies get only attached to requests from the same origin or are top-level redirects
  • none: the cookie gets attached with the request regardless of the requests origin or type


By default samesite of the cookie is disabled.

Enabling the same site cookie attribute from Blueriq version 15.0 onwards can be done by configuring the following property:
application.properties

blueriq.security.cookie-same-site.enabled=true


By default the value is set to strict if same site is enabled.

Setting the value of the samesite cookie attribute can be done by configuring the following property:

application.properties

blueriq.security.cookie-same-site.value=strict

The samesite value can have the following three values:

  • strict
  • lax
  • none
  • No labels