iRule to set SameSite for compatible clients and remove it for incompatible clients (LTM|ASM|APM)

A bunch of us have been refining approaches to help customers handle the new browser enforcement of the HTTP cookie SameSite attribute. I think we have a pretty solid approach now to handle compatib...
Published Feb 11, 2020
Version 1.0
application delivery
iRules
samesite
Hoolio's avatar
Hoolio
Ret. Employee
Mar 01, 2021

Hi Juan,

Are you using the latest version of the iRule which includes these lines?

https://github.com/f5devcentral/irules-toolbox/blob/master/security/http/cookies/samesite-attributes.tcl

# 1.5 - Aaron Hooley - Fixed issue noted in https://support.f5.com/csp/article/K23237429 by disabling the iRule if another response has already been sent

# Run this response event with priority 900 after all other iRules to parse the final cookies from the application and BIG-IP
when HTTP_RESPONSE_RELEASE priority 900 {
 
	# Don't do anything if a response has already been triggered for this request
	if {[HTTP::has_responded]}{
		if { $samesite_debug }{ log local0. "$prefix Exiting as response has already been triggered by another configuration option" }
		# exit this event in this iRule
		return
	}

Aaron