'Same-Site=None' is set on the server, but the client cannot verify it

Set-Cookie does not work because LAX is stored as the default value when there is no SameSite value in Chrome as follows. In Firefox, it works because the default value is not LAX.

'Same-Site=None' is set on the server, but the client cannot verify it. In this situation, I want to know where the problem occurred between the client and the server and how to solve it.

[Image] Chrome Response Headers (Not Working)

[Image] Chrome Response Cookies (Not Working)

[Image] Firefox Request Headers (Working)

[Image] Server Test Result

'SameSite=None' has been added to the server as follows.

import java.io.IOException;
import java.util.Collection;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpHeaders;

public class CookieAttributeFilter implements Filter {

    // The snippet uses 'log' without declaring it (presumably Lombok's @Slf4j); a plain SLF4J logger is equivalent.
    private static final Logger log = LoggerFactory.getLogger(CookieAttributeFilter.class);

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletResponse httpServletResponse = (HttpServletResponse) response;
        chain.doFilter(request, response);
        log.info("CookieAttributeFilter");

        // After the chain has run, rewrite every Set-Cookie header: the first one replaces
        // the existing headers, the remaining ones are appended.
        Collection<String> headers = httpServletResponse.getHeaders(HttpHeaders.SET_COOKIE);
        boolean firstHeader = true;

        for (String header : headers) {
            if (firstHeader) {
                httpServletResponse.setHeader(HttpHeaders.SET_COOKIE,
                        String.format("%s;Secure;%s", header, "SameSite=" + "None"));
                firstHeader = false;
                continue;
            }
            httpServletResponse.addHeader(HttpHeaders.SET_COOKIE,
                    String.format("%s;Secure;%s", header, "SameSite=" + "None"));
        }
    }

    @Override
    public void destroy() {
    }
}
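One thing a reviewer would check in the filter above is timing: it rewrites the Set-Cookie headers only after chain.doFilter() returns, and if the downstream servlet has already committed the response by then, setHeader/addHeader are silently ignored and the browser receives the cookie without any SameSite attribute, which Chrome then treats as Lax. The following is an added example written for this page (not the asker's code, not from any project) that rewrites each Set-Cookie value at the moment it is written, through an HttpServletResponseWrapper, so the result does not depend on when the response is committed. It also makes the rewrite idempotent: an existing Secure or SameSite attribute is replaced rather than duplicated. It assumes the javax.servlet 3.1+ API; the class names SameSiteNoneFilter and SetCookieRewritingResponse are hypothetical.

```java
// Added example, not the question's code. Rewrites Set-Cookie values as they
// are written (via a response wrapper) instead of after chain.doFilter()
// returns, so it still applies when the servlet has already committed the
// response. Assumes the javax.servlet 3.1+ API; class names are hypothetical.
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;

public class SameSiteNoneFilter implements Filter {

    /** Returns the Set-Cookie value with exactly one Secure and one SameSite=None attribute. */
    static String normalize(String setCookie) {
        String base = setCookie.trim()
                .replaceAll("(?i);\\s*samesite=[^;]*", "")   // drop any existing SameSite=...
                .replaceAll("(?i);\\s*secure(?=;|$)", "")    // drop any existing Secure
                .replaceAll(";\\s*$", "");                   // drop a trailing ';'
        // Chrome discards a SameSite=None cookie that is not also Secure, and treats a
        // missing SameSite as Lax, so both attributes are always appended together.
        return base + "; Secure; SameSite=None";
    }

    /** Serialises a Cookie object by hand; javax.servlet.http.Cookie has no SameSite setter. */
    static String toSetCookieValue(Cookie c) {
        StringBuilder sb = new StringBuilder(c.getName()).append('=').append(c.getValue());
        if (c.getPath() != null)   sb.append("; Path=").append(c.getPath());
        if (c.getDomain() != null) sb.append("; Domain=").append(c.getDomain());
        if (c.getMaxAge() >= 0)    sb.append("; Max-Age=").append(c.getMaxAge());
        if (c.isHttpOnly())        sb.append("; HttpOnly");
        return sb.toString();
    }

    /** Intercepts every way servlet code can emit Set-Cookie and normalises the value. */
    private static final class SetCookieRewritingResponse extends HttpServletResponseWrapper {
        SetCookieRewritingResponse(HttpServletResponse response) {
            super(response);
        }

        @Override
        public void addHeader(String name, String value) {
            super.addHeader(name, isSetCookie(name) ? normalize(value) : value);
        }

        @Override
        public void setHeader(String name, String value) {
            super.setHeader(name, isSetCookie(name) ? normalize(value) : value);
        }

        @Override
        public void addCookie(Cookie cookie) {
            // Bypass the container's Cookie serialiser so SameSite can be attached.
            addHeader("Set-Cookie", toSetCookieValue(cookie));
        }

        private static boolean isSetCookie(String name) {
            return "Set-Cookie".equalsIgnoreCase(name);
        }
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        if (response instanceof HttpServletResponse) {
            // Downstream code writes through the wrapper, so every Set-Cookie is fixed up in place.
            chain.doFilter(request, new SetCookieRewritingResponse((HttpServletResponse) response));
        } else {
            chain.doFilter(request, response);
        }
    }

    @Override public void init(FilterConfig filterConfig) { }
    @Override public void destroy() { }

    // Stand-alone check of the rewrite logic; no servlet container needed.
    public static void main(String[] args) {
        System.out.println(normalize("session=abc; Path=/; HttpOnly"));
        System.out.println(normalize("session=abc; Secure; SameSite=Lax; HttpOnly"));
    }
}
```

Two caveats when verifying this in the browser: because the rewrite forces Secure, the cookie is only stored when the page is served over HTTPS, so a plain-HTTP test setup will still show no cookie in Chrome; and cookies the container itself creates (for example the session cookie created by request.getSession()) do not pass through the wrapper, so those have to be configured at the container level, such as Tomcat's Rfc6265CookieProcessor with sameSiteCookies="none".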
Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow
