
SameSite cookies and APM with v15

Rene_C_
Nimbostratus

Hi,

 

So I was just going to implement adding the SameSite attribute to our APM cookies (MRHSession etc.) when I failed miserably, because it seems the change that you cannot read any HTTP headers after an iRule respond command also applies to APM responses.

 

    when CLIENT_ACCEPTED {
        # Let iRule HTTP events fire for APM-generated traffic as well
        ACCESS::restrict_irule_events disable
    }

    when HTTP_REQUEST priority 50 {
        set userAgent [HTTP::header User-Agent]
    }

    when HTTP_RESPONSE_RELEASE priority 50 {
        if {![info exists userAgent]} {
            return
        }
        # Helper proc (not shown) decides from the User-Agent whether to proceed
        if {![call /Common/RuleUtil::check_samesite_config $userAgent]} {
            unset -nocomplain userAgent
            return
        }
        unset -nocomplain userAgent

        set named_cookies [list {MRHSession} {LastMRH_Session}]
        foreach cookie $named_cookies {
            if { [HTTP::cookie exists $cookie] } {
                HTTP::cookie attribute $cookie remove {SameSite}
                HTTP::cookie attribute $cookie insert {SameSite} "None"
                HTTP::cookie secure $cookie enable
            }
        }
        # Clean up the cookie list variable
        unset -nocomplain named_cookies
    }

 

 

This results in:

    Aug 24 11:52:49 redacted err tmm[20803]: 01220001:3: TCL error: /Common/SET_SAMESITE_APM_COOKIES <HTTP_RESPONSE_RELEASE> - Can't call after responding - ERR_NOT_SUPPORTED (line 23)
        invoked from within "HTTP::cookie exists $cookie"
        ("foreach" body line 3)
        invoked from within "foreach cookie $named_cookies { if { [HTTP::cookie exists $cookie] } { log loca..."

 

And after a quick check I noticed that HTTP::has_responded does indeed return 1 for APM events.

 

 

So, how are we supposed to support SameSite attributes on APM cookies in v15?

 

Thanks!

Rene