1

For new chrome update I need to set explicitly the Samesite attribute in cookie in JSESSIONID is there anyway to set that Attribute in vaadin 14.

Is anything possible with VaadinServiceInitListener? I have a class extended with it.

Any Response will be highly Appreciable.

I Have tried to add the cookie following way but dosen't get add in JSESSIONID

@SpringComponent
@Scope(value = ConfigurableBeanFactory.SCOPE_PROTOTYPE)
public class ConfigureAdvocateUIServiceInitListener implements VaadinServiceInitListener {

    /**
     * 
     */
    private static final long serialVersionUID = 1L

    @Autowired
    private I18N i18n;

    @Override
    public void serviceInit(ServiceInitEvent event) {
        event.getSource().addUIInitListener(uiEvent -> {
            VaadinResponse currentResponse = VaadinService.getCurrentResponse();
        currentResponse.setHeader("Set-Cookie", "key=value; HttpOnly; SameSite=strict");

        });

    }
kushal Baldev
  • 729
  • 1
  • 14
  • 37
  • P.S I am using spring boot Vaadin and micro services – kushal Baldev Mar 05 '20 at 12:17
  • Hey kushal, I could answer the part of how to access Cookies inside the VaadinServiceInitListener, but I don't know how to set the sameSite attribute, because the Cookie class doesn't have that attribute. See [this SO thread](https://stackoverflow.com/questions/42717210/samesite-cookie-in-java-application). Would answering just the first part help you? – kscherrer Mar 05 '20 at 12:20
  • Hi Kscherrer I watched that thread and try to add cookie but it sets as a new cookie at the last but that will not work for me as I have my vaadin application embedded as iframe in another application so its now been hard to allow two domains by chrome. – kushal Baldev Mar 05 '20 at 12:30
  • You say you have a class that extends VaadinServiceInitListener. please add that code to the question. Show me how you add the cookie which you mention in your last comment. – kscherrer Mar 05 '20 at 12:55
  • 1
    You are setting a cookie with the name "key" and the value "value". – kscherrer Mar 05 '20 at 13:04
  • Hi Kscherrer I added code in the question itself you can view it.!! – kushal Baldev Mar 05 '20 at 13:04
  • yes I add like in this way it gets added benath all the cookie so I want just like to edit the jsessionId cookie so that browsers can allow my application embedded in another. – kushal Baldev Mar 05 '20 at 13:05
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/209082/discussion-between-kushal-baldev-and-kscherrer). – kushal Baldev Mar 05 '20 at 13:11
  • See this info about SameSite cookies with java: https://community.shopify.com/c/Shopify-APIs-SDKs/SameSite-cookie-SOLUTION-for-Java-based-deployments/td-p/645661 – kscherrer Mar 05 '20 at 14:45

0 Answers0