Meltdown and Spectre Web Application Risk Management
Updated Jun 23, 2022
Version 2.0Was this article helpful?
Unfortunately the HTTP::Cookie command doesn't support the SameSite flag. If support was to be added, it would be included in versions past 13.1.0 - which would make it obsolete for the issue at hand (since this feature is included in ASM since 13.1.0).
The best way to have this enabled using an iRule would be to rewrite the Cookie header using string search and replace.
You would have to capture responses from the web server, search for the following header: "Set-Cookie: my_cookie=abcd;" and rewrite it as: "Set-Cookie: my_cookie=abcd; SameSite=Lax"