Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for Partitioned cookie attribute #2787

Closed
bachkilan opened this issue Feb 9, 2024 · 6 comments
Closed

Support for Partitioned cookie attribute #2787

bachkilan opened this issue Feb 9, 2024 · 6 comments
Assignees
@marcusdacoregio
Labels
in: core type: enhancement A general enhancement
Milestone
3.4.0-M1

Comments

@bachkilan
Copy link

Expected Behavior

able to add Partitioned cookie attribute for spring session in DefaultCookieSerializer

Current Behavior

no field available for partitioned

Context

This is relevant for webapps embedded in IFrames across domains, typically those which already have configured "SameSite=None" cookie attribute: starting 2024, Google/Chrome will start phasing out third-party cookies, see https://developers.google.com/privacy-sandbox/3pcd

we need to have this attribute set to have our site working embedded in chrome.
@bachkilan bachkilan added status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement labels Feb 9, 2024
@marcusdacoregio
Copy link
Contributor

Hi, @bachkilan. Thanks for the report.

I believe that we can add a setCookieCustomizer(Consumer<ResponseCookie.ResponseCookieBuilder> cookieCustomizer) that would allow us to customize any attribute available in ResponseCookieBuilder. It would look like spring-projects/spring-security#12237. It would also deprecate the other attribute's setter methods since we will prefer to set your own customizer than setting each attribute individually.

Are you interested in submitting a PR that adds the new setter?

@marcusdacoregio marcusdacoregio added in: core and removed status: waiting-for-triage An issue we've not yet triaged labels Feb 14, 2024
@marcusdacoregio marcusdacoregio added status: ideal-for-contribution An issue that we actively are looking for someone to help us with and removed status: ideal-for-contribution An issue that we actively are looking for someone to help us with labels Mar 11, 2024
@marcusdacoregio
Copy link
Contributor

Related spring-projects/spring-framework#31454

@4braincells
Copy link

Related spring-projects/spring-framework#31454

And I add the same comment here:
We are still on Spring Boot v2.7.18, using Spring v5.3.31.
Just have a bunch of 120 customers with 10000 end users using the app in IFRAME and this will force customers to remove IFRAME, which will be a royal pain for us.

@marcusdacoregio marcusdacoregio self-assigned this Jun 13, 2024
@marcusdacoregio marcusdacoregio added this to the 3.4.0-M1 milestone Jun 13, 2024
marcusdacoregio added a commit that referenced this issue Jun 17, 2024
@marcusdacoregio
Fix javadoc
3bf3468 
Issue gh-2787
@miskr-instructure
Copy link

miskr-instructure commented Sep 13, 2024
edited
Loading

@marcusdacoregio Did you guys forget to add the auto configuration? Or was that intentionally skipped?

See https://github.com/spring-projects/spring-session/blob/3.4.0-M2/spring-session-core/src/main/java/org/springframework/session/config/annotation/web/http/SpringHttpSessionConfiguration.java#L180

I'd have expected that setting partitioned: 'true' in application.yaml would work

server:
  servlet:
    session:
      cookie:
        same-site: 'none'
        partitioned: 'true'  # <--- ignored?
        secure: 'true' # <-- coincidentally also not ignored?

but based on the code it looks like nothing reads it.

@marcusdacoregio
Copy link
Contributor

Hi @miskr-instructure. Application properties are a feature of Spring Boot. Please open an enhancement request on their issue tracker.

@miskr-instructure miskr-instructure mentioned this issue Sep 13, 2024
Closed
@miskr-instructure
Copy link

^ Hopefully will work with config after spring-projects/spring-boot#42316

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@marcusdacoregio marcusdacoregio

Labels
in: core type: enhancement A general enhancement
Projects
Spring Security Team
Status: No status
Milestone
3.4.0-M1
Development

No branches or pull requests
4 participants
@marcusdacoregio @bachkilan @4braincells @miskr-instructure