Set the SameSite Cookie Attribute for Web Application and BIG-IP Module Cookies

Problem this snippet solves: UPDATE: Note that the work for SameSite is evolving rapidly and this new entry should be considered over the iRule contents below. Chrome (and likely other browser...
Published Feb 06, 2020
Version 1.0
application delivery
csrf
iRules
samesite
security
JRahm's avatar
Icon for Admin rankAdmin
Christ Follower, Husband, Father, Technologist. I love community and I especially love THIS community. My background is networking, but I've dabbled in all the F5 iStuff, I'm a recovering Perl guy, and am very much a python enthusiast. Learning alongside all of you in this accelerating industry toward modern apps and architectures.
View Profile
JRahm's avatar
Icon for Admin rankAdmin
Christ Follower, Husband, Father, Technologist. I love community and I especially love THIS community. My background is networking, but I've dabbled in all the F5 iStuff, I'm a recovering Perl guy, and am very much a python enthusiast. Learning alongside all of you in this accelerating industry toward modern apps and architectures.
View Profile
David_Scott's avatar
David_Scott
Icon for Employee rankEmployee
Feb 16, 2020

if you're on a version that doesn't support the HTTP::cookie attribute method (v11) here's a way to add the attribute. Ideally you'd upgrade to v12+ but if that's not an option this may help get you by until you can. Obviously change SameSitee=none to whatever you need it set to. 

when HTTP_RESPONSE {
	set COOKIE_VAL [HTTP::header values "Set-Cookie"]
	
	foreach COOKIE_NAME $COOKIE_VAL {
                HTTP::header insert "Set-Cookie" "${COOKIE_NAME}; SameSite=none"
		HTTP::cookie secure ${COOKIE_NAME} enable
                
	}
 
}