Scala Play - How to Modify Cookie setting value before response goes out?

Question

I have a project on a 2.7.3 version of Scala Play framework. I need to address being able to set a cookie's Samesite value to 'None'. Currently in 2.7.3 you can only set to 'Lax' or 'Strict' via an enumeration. The ability to set the value to 'None' has been backported for 2.7.x but not yet released.

I need to address this now and can't wait for a future release. I am having a hard time figuring out how to accomplish setting a Cookie's Samesite value to 'None' within the given framework.

In order to modify the response result in a filter, I see I could call result.withCookie() which takes one or more play.api.mvc.cookie. I've tried to extend and modify play.api.mvc.cookie but the Samesite class is sealed abstract inside the Cookie class.

I thought I might be able to use an Essential Filter or an Action to modify the cookie right before the response goes out but don't see a way to get at an existing CSRF cookie or the Play_Session cookie and modify it.

Any ideas?

Answer 1

I think the workaround for this is probably to either use a proxy as @rowan_m mentions. Fortunately Lightbend got back to me and will be releasing their 2.8 version very soon - which I verified in the RC solved the issue using config settings: https://github.com/playframework/playframework/pull/9613#issuecomment-555305142