iRule to set SameSite for compatible clients and remove it for incompatible clients (LTM|ASM|APM)
A bunch of us have been refining approaches to help customers handle the new browser enforcement of the HTTP cookie SameSite attribute. I think we have a pretty solid approach now to handle compatib...
Published Feb 11, 2020
Version 1.0Hoolio
Ret. Employee
Joined February 06, 2020
Hoolio
Ret. Employee
Joined February 06, 2020
lorenze
Jul 09, 2020Altocumulus
I tried creating an irule with just the following entry but seems it doesn't fix the samesite concern:
when HTTP_RESPONSE {
set COOKIE_VAL [HTTP::header values "Set-Cookie"]
HTTP::header remove "Set-Cookie"
foreach COOKIE_NAME $COOKIE_VAL {
HTTP::header insert "Set-Cookie" "${COOKIE_NAME}; SameSite=none"
HTTP::cookie secure ${COOKIE_NAME} enable
}
}
when HTTP_RESPONSE {
HTTP::header replace Set-Cookie "[HTTP::header Set-Cookie]; HttpOnly;SameSite=none; Secure"
}
Is there something I am missing?
Thanks!