[FOLIO-3913] Add LOGIN_COOKIE_SAMESITE to mod-login and mod-login-saml in snapshot in folio-ansible Created: 15/Oct/23  Updated: 19/Oct/23  Resolved: 19/Oct/23

Status: Closed
Project: FOLIO
Components: None
Affects versions: None
Fix versions: None

Type: Task Priority: TBD
Reporter: Steve Ellis Assignee: Unassigned
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Issue links:
Relates
relates to MODLOGIN-220 Fix SameSite security issues with log... Closed
Sprint:
Development Team: Core: Platform
RCA Group: TBD

 Description   

We would like to make the cookie more secure, but initial testing shows that the SameSite=Lax attribute doesn't work when hosts are different with GET requests.

Acceptance criteria:
Set the environment variable in mod-login and mod-login-saml to None. This will allow for testing of Stripes clients to continue.

We should test setting it to Lax, perhaps in Rancher, to further explore whether we can make that work with different hosts.
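
An added example, not part of the ticket or of the FOLIO code base, that models when a browser attaches a cookie under each SameSite value, which is the behaviour the Lax versus None test above turns on. The cookie name, the hostnames and the helper functions are hypothetical, and the registrable domain is approximated as the last two host labels (browsers use the Public Suffix List and also compare schemes).

```javascript
// Added example: simplified model of SameSite cookie attachment.
// Assumptions: site = last two host labels (real browsers use the Public
// Suffix List); scheme comparison ("schemeful same-site") is ignored.

const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// Approximate the "site" (registrable domain) of a URL.
function site(url) {
  return new URL(url).hostname.split(".").slice(-2).join(".");
}

// Build a Set-Cookie value from a configured SameSite setting, rejecting
// combinations that current browsers refuse to store.
function buildLoginCookie(name, value, sameSite, secure) {
  if (!["Strict", "Lax", "None"].includes(sameSite)) {
    throw new Error(`invalid SameSite value: ${sameSite}`);
  }
  if (sameSite === "None" && !secure) {
    throw new Error("SameSite=None requires the Secure attribute");
  }
  const secureAttr = secure ? "; Secure" : "";
  return `${name}=${value}; Path=/; HttpOnly${secureAttr}; SameSite=${sameSite}`;
}

// req: { pageUrl, targetUrl, method, topLevelNavigation }
// Returns true when the browser would attach the cookie to the request.
function cookieIsSent(sameSite, req) {
  if (site(req.pageUrl) === site(req.targetUrl)) return true; // same-site
  if (sameSite === "None") return true; // sent on every cross-site request
  if (sameSite === "Lax") {
    // Cross-site: only top-level navigations using a safe method.
    return req.topLevelNavigation && SAFE_METHODS.has(req.method);
  }
  return false; // Strict: never sent cross-site
}

// Constructed sample: a UI on one site calling a backend on another.
const crossSiteFetch = {
  pageUrl: "https://ui.example.org/login",
  targetUrl: "https://api.example.net/resource",
  method: "GET",
  topLevelNavigation: false, // background fetch/XHR, not a page navigation
};
for (const mode of ["Strict", "Lax", "None"]) {
  console.log(mode, cookieIsSent(mode, crossSiteFetch));
}
```

Two different hosts under the same registrable domain count as same-site in this model, so whether Lax is usable depends on how the UI and backend hostnames relate, not only on their being different hosts.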

