Support for Partitioned cookie attribute
bachkilan opened this issue · comments
Expected Behavior
able to add Partitioned cookie attribute for spring session in DefaultCookieSerializer
Current Behavior
no field available for partitioned
Context
This is relevant for webapps embedded in IFrames across domains, typically those which already have configured "SameSite=None" cookie attribute: starting 2024, Google/Chrome will start phasing out third-party cookies, see https://developers.google.com/privacy-sandbox/3pcd
we need to have this attribute set to have our site working embedded in chrome.
Hi, @bachkilan. Thanks for the report.
I believe that we can add a setCookieCustomizer(Consumer<ResponseCookie.ResponseCookieBuilder> cookieCustomizer)
that would allow us to customize any attribute available in ResponseCookieBuilder
. It would look like spring-projects/spring-security#12237. It would also deprecate the other attribute's setter methods since we will prefer to set your own customizer than setting each attribute individually.
Are you interested in submitting a PR that adds the new setter?
And I add the same comment here:
We are still on Spring Boot v2.7.18, using Spring v5.3.31.
Just have a bunch of 120 customers with 10000 end users using the app in IFRAME and this will force customers to remove IFRAME, which will be a royal pain for us.