iRule to set SameSite for compatible clients and remove it for incompatible clients (LTM|ASM|APM)
A bunch of us have been refining approaches to help customers handle the new browser enforcement of the HTTP cookie SameSite attribute. I think we have a pretty solid approach now to handle compatib...
Published Feb 11, 2020
Version 1.0Aaron_Hooley
Ret. Employee
Joined February 06, 2020
Aaron_Hooley
Ret. Employee
Joined February 06, 2020
Aaron_Hooley
Mar 01, 2021Ret. Employee
Hi Juan,
Are you using the latest version of the iRule which includes these lines?
# 1.5 - Aaron Hooley - Fixed issue noted in https://support.f5.com/csp/article/K23237429 by disabling the iRule if another response has already been sent
# Run this response event with priority 900 after all other iRules to parse the final cookies from the application and BIG-IP
when HTTP_RESPONSE_RELEASE priority 900 {
# Don't do anything if a response has already been triggered for this request
if {[HTTP::has_responded]}{
if { $samesite_debug }{ log local0. "$prefix Exiting as response has already been triggered by another configuration option" }
# exit this event in this iRule
return
}
Aaron