Class SameSiteCookieHeaderFilter

  • All Implemented Interfaces:
    javax.servlet.Filter

    public class SameSiteCookieHeaderFilter
    extends Object
    implements javax.servlet.Filter
    Implementation of an HTTP servlet Filter which adds the SameSite attribute to cookies, until the Java API supports it natively, if ever.

    Allows the SameSite directive to be set to None on certain cookies. If enabled, it also adds the Secure directive, which is required for SameSite=None. Chrome v80, rolled out in March 2020, treats any cookie without the SameSite directive as though it were SameSite=Lax (https://www.chromestatus.com/feature/5088147346030592). This is a breaking change from the previous default behavior, which was to treat those cookies as SameSite=None.
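
    The header rewrite described above, as an added example that is not this project's code: it appends SameSite=None, plus Secure when enabled, to a Set-Cookie value for selected cookies only, and keeps an explicit Strict or Lax so an existing restriction is never weakened. The class name, method name, `targets` parameter and cookie names are hypothetical, and the sample headers are constructed.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Set;

// Added example, not the project's code; class, method and cookie names are hypothetical.
public class SameSiteRewriteExample {

    /** Adds SameSite=None (and Secure, if enabled) to one Set-Cookie value for targeted cookies. */
    static String rewrite(String setCookie, Set<String> targets, boolean addSecure) {
        String[] parts = setCookie.split(";");
        int eq = parts[0].indexOf('=');
        if (eq <= 0 || !targets.contains(parts[0].substring(0, eq).trim())) {
            return setCookie; // malformed or not a targeted cookie: leave untouched
        }
        List<String> out = new ArrayList<>();
        out.add(parts[0].trim());
        boolean hasSecure = false;
        String sameSite = null;
        for (int i = 1; i < parts.length; i++) { // parts[0] is name=value, never an attribute
            String attr = parts[i].trim();
            String lower = attr.toLowerCase(Locale.ROOT);
            if (attr.isEmpty()) continue;
            if (lower.equals("secure")) hasSecure = true;
            if (lower.startsWith("samesite=")) sameSite = lower.substring(9).trim();
            out.add(attr);
        }
        if (sameSite == null) { // never weaken an explicit Strict/Lax set by the application
            out.add("SameSite=None");
            sameSite = "none";
        }
        if (sameSite.equals("none") && addSecure && !hasSecure) {
            out.add("Secure"); // SameSite=None is only accepted together with Secure
        }
        return String.join("; ", out);
    }

    public static void main(String[] args) {
        Set<String> targets = Set.of("SSO_SESSION"); // constructed cookie name
        String[] samples = {                          // constructed Set-Cookie values
            "SSO_SESSION=abc123; Path=/; HttpOnly",
            "SSO_SESSION=abc123; Path=/; SameSite=Strict",
            "THEME=dark; Path=/"
        };
        for (String h : samples) {
            System.out.println(h + "\n  -> " + rewrite(h, targets, true));
        }
    }
}
```

    Because a SameSite=None cookie is sent on cross-site requests, keep the target set to the cookies that need cross-site delivery and leave the rest on the browser's Lax default.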

    • Constructor Detail

      • SameSiteCookieHeaderFilter

        public SameSiteCookieHeaderFilter()
    • Method Detail

      • destroy

        public void destroy()
        Specified by:
        destroy in interface javax.servlet.Filter
      • doFilter

        public void doFilter(javax.servlet.ServletRequest request,
                             javax.servlet.ServletResponse response,
                             javax.servlet.FilterChain chain)
                      throws IOException,
                             javax.servlet.ServletException
        Specified by:
        doFilter in interface javax.servlet.Filter
        Throws:
        IOException
        javax.servlet.ServletException
      • init

        public void init(javax.servlet.FilterConfig filterConfig)
                  throws javax.servlet.ServletException
        Specified by:
        init in interface javax.servlet.Filter
        Throws:
        javax.servlet.ServletException