Open Closed

A cookie associated with a cross-site resourcwas set without the `SameSite` attribute #9273


0
bluescopesteel created

Hi,

I see that your code sets cookies as follows:

UtilsService().setCookieValue();

How are we meant to set the SameSite attribute for these coookies.

eg

private static setEncryptedTokenCookie(encryptedToken: string) {
    new UtilsService().setCookieValue(AppConsts.authorization.encrptedAuthTokenName,
        encryptedToken,
        new Date(new Date().getTime() + 365 * 86400000), //1 year
        abp.appPath
    );
}

This appears an important issue - yet I have seen no advisiory from you on it. Is our Website going to stop working soon?

What do I need to do to get the ABP SetCookieValue() code to comply?

I have seen other posts in your forums on this BUT in them I have not seen clear advice from you.


1 Answer(s)
  • 0
    musa.demir created
    Support Team

    Hi @bluescopesteel I have created an issue about it. You can follow the progress in here: https://github.com/aspnetzero/aspnet-zero-core/issues/3403