Ruchit goswami

Reputation: 36

Set SameSite for Cookie in Apex

As explained in https://web.dev/samesite-cookies-explained/, Chrome will enable SameSite=lax by default if SameSite is not specified.

In Apex, we can set Cookie using Cookie ck = new Cookie('cookieLabel','cookieValue',null,-1,false);

How can I set SameSite=None;Secure for ck variable of Cookie class?

Upvotes: 1

Views: 1515

Answers (1)

rowan_m

Reputation: 3050

As far as I can tell, the Apex Cookie Class does not support the SameSite attribute at all.

As a result, I would investigate using HttpResponse.setHeader() directly:

httpResponse.setHeader('Set-Cookie', 'cookieLabel=cookieValue; SameSite=None; Secure');

Be aware though, in other frameworks I do see the cookie handling overwrite any existing Set-Cookie headers so you may want to ensure you do any manual setting of headers either before or after the in-built cookie handling.

I would also raise a feature request for full support of the SameSite attribute in the framework.

Upvotes: 1
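The answer above hands a raw Set-Cookie string to the framework, so the one thing worth checking before doing that is whether the string is well-formed and whether a Lax-by-default browser will actually keep the cookie. The following is an added example, not code from the question, the answer, or Salesforce, and it is Python rather than Apex: it builds the header value the answer's setHeader('Set-Cookie', ...) call would emit, then models the browser-side rules from the linked web.dev article (missing SameSite is treated as Lax; SameSite=None without Secure is rejected). The function names, the CookiePolicy type and the sample cookie names are assumptions made for the example.

```python
"""Build and check Set-Cookie header values for the SameSite/Secure rules.

Added example (not part of the original Q&A, not Apex): models the header
text that a manual setHeader('Set-Cookie', ...) call emits and the way a
Lax-by-default browser such as Chrome treats it.
"""

from dataclasses import dataclass
from typing import Optional

VALID_SAMESITE = ("Strict", "Lax", "None")


def build_set_cookie(name: str, value: str, *, same_site: Optional[str] = None,
                     secure: bool = False, http_only: bool = True,
                     path: str = "/", max_age: Optional[int] = None) -> str:
    """Return a Set-Cookie header value.

    Raises ValueError when SameSite=None is requested without Secure, because
    browsers that default to Lax reject such a cookie outright.
    """
    if same_site is not None and same_site not in VALID_SAMESITE:
        raise ValueError(f"unknown SameSite value: {same_site!r}")
    if same_site == "None" and not secure:
        raise ValueError("SameSite=None requires the Secure attribute")
    # Characters that would terminate the pair or start a new attribute.
    if any(c in name for c in "=;, \t") or ";" in value:
        raise ValueError("cookie name/value contains characters that break the header")
    parts = [f"{name}={value}", f"Path={path}"]
    if max_age is not None:
        parts.append(f"Max-Age={max_age}")
    if same_site:
        parts.append(f"SameSite={same_site}")
    if secure:
        parts.append("Secure")
    if http_only:
        parts.append("HttpOnly")
    return "; ".join(parts)


@dataclass
class CookiePolicy:
    """Hypothetical result type: the cookie as a Lax-by-default browser sees it."""
    name: str
    same_site: str      # effective value after browser defaults are applied
    secure: bool
    accepted: bool      # False when the browser drops the cookie entirely
    reason: str = ""


def evaluate_set_cookie(header: str) -> CookiePolicy:
    """Parse a Set-Cookie value and apply the Lax-by-default rules.

    Missing or unrecognised SameSite is treated as Lax; SameSite=None without
    Secure is rejected.
    """
    segments = [s.strip() for s in header.split(";")]
    name = segments[0].split("=", 1)[0].strip()
    attrs = {}
    for seg in segments[1:]:
        key, _, val = seg.partition("=")
        attrs[key.strip().lower()] = val.strip()
    secure = "secure" in attrs
    same_site = attrs.get("samesite", "").title() or "Lax"
    if same_site not in VALID_SAMESITE:
        return CookiePolicy(name, "Lax", secure, True,
                            f"unrecognised SameSite {same_site!r} treated as Lax")
    if same_site == "None" and not secure:
        return CookiePolicy(name, same_site, secure, False,
                            "SameSite=None without Secure is rejected")
    return CookiePolicy(name, same_site, secure, True)


def sent_cross_site(policy: CookiePolicy, top_level_navigation: bool) -> bool:
    """Would the browser attach this cookie on a cross-site request?"""
    if not policy.accepted:
        return False
    if policy.same_site == "None":
        return True
    if policy.same_site == "Lax":
        return top_level_navigation   # Lax: only top-level navigations
    return False                       # Strict: never on cross-site requests


if __name__ == "__main__":
    # Constructed sample: the header value from the answer above.
    hdr = build_set_cookie("cookieLabel", "cookieValue", same_site="None", secure=True)
    print(hdr)
    print(evaluate_set_cookie(hdr))
    print(evaluate_set_cookie("cookieLabel=cookieValue"))          # defaults to Lax
    print(evaluate_set_cookie("cookieLabel=cookieValue; SameSite=None"))  # rejected
```

Run evaluate_set_cookie over the exact string you pass to setHeader: if accepted is False the cookie never reaches the browser's jar, and if same_site comes back as Lax the cookie will be missing from embedded (iframe, XHR, fetch) cross-site requests, which is the symptom the question is about.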
