Hi All,
Recently I have been exploring a lot of articles on implementing the SameSite=Strict or at least SameSite=Lax attribute (if the former breaks/affects the proper functioning of the application).
I half understand what it means, and it is very confusing. Can any of you guide me step by step on how to achieve it?
At least SameSite=Lax will do.
So that in the next round of assessment scanning, the result won't show as "NONE".
My application is running in OutSystems cloud.
I would appreciate it if you can help me.
Thank you
Hi Jing Tung,
Please refer to the following article with regard to Upcoming changes in cookie handling in Google Chrome and read it with care in order to understand how OutSystems handles the SameSite attribute of the platform's generated cookies.
In short, the platform currently only allows two default values for SameSite attribute of its generated cookies via Lifetime security settings:
This means that it is currently not possible to use the values Strict or Lax for the SameSite attribute of the platform's generated cookies. However, OutSystems is considering adding additional default values in the future as is also stated in the article:
"In a future version, after the major browsers have rolled out this new cookie-handling behavior and based on the results, OutSystems will review the defaults and consider the possibility of adding "Lax" as a configurable value for the "SameSite" setting."
Last, for cookies created by use of the SetCookie action of the HTTPRequestHandler module, it is possible to set the SameSite attribute with the values None, Strict or Lax.
Hope this helped!
Regards,
Nordin
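To see which SameSite value each cookie actually carries before the next scan, the `Set-Cookie` response headers can be audited with a short script. This is an added example, not part of the original thread and not OutSystems code; the cookie names and header values are constructed sample data, and the function names are hypothetical.

```python
# Added example: audit Set-Cookie header values for their SameSite attribute.
# SAMPLE_HEADERS is constructed sample data, not output captured from OutSystems.
SAMPLE_HEADERS = [
    "session_a=abc123; Path=/; Secure; HttpOnly; SameSite=None",
    "session_b=def456; Path=/; HttpOnly",
    "prefs=dark; Path=/; Secure; SameSite=Lax",
    "csrf=xyz; Path=/; Secure; HttpOnly; SameSite=Strict",
    "tracker=1; Path=/; SameSite=None",
    "odd=1; Path=/; SameSite=bogus",
]

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, attributes with lowercase keys)."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs

def audit_cookie(header):
    """Return (name, samesite, finding) for one Set-Cookie header value."""
    name, attrs = parse_set_cookie(header)
    raw = attrs.get("samesite")
    if raw is None:
        return name, "missing", "no SameSite attribute; browser default applies"
    value = raw.lower()  # attribute values are matched case-insensitively
    if value not in ("strict", "lax", "none"):
        return name, "invalid", f"unrecognised SameSite value {raw!r}"
    if value == "none":
        if "secure" not in attrs:
            # Chrome rejects SameSite=None cookies that lack Secure.
            return name, "none", "SameSite=None without Secure"
        return name, "none", "sent on cross-site requests"
    return name, value, "ok"

if __name__ == "__main__":
    for line in SAMPLE_HEADERS:
        print("%-10s %-8s %s" % audit_cookie(line))
```

Feed it the `Set-Cookie` values copied from the browser's developer tools or a proxy capture of the application's responses.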
Hi Nordin,
Thanks for your reply.
Can I say that currently OutSystems Cloud hosting generated cookies via Lifetime security, and only have
In the future, OutSystems "will review the defaults and consider the possibility of adding "Lax" as a configurable value for the "SameSite" setting."
Also, regarding the SetCookie action of the HTTPRequestHandler module, does it mean that I can use SETCOOKIE only when my application integrates with a third-party system or domain?