SameSite Cookie Attribute

Since recently, Chrome has started throwing warnings for Keycloak-specific cookies. It is saying they are missing the SameSite=None attribute and that future versions of Chrome will no longer be sending cookies that are missing this attribute.

To elaborate: browsers today have an implicit value for SameSite (if it is not provided), however, this will change at some point.

Is there an easy way to add this property to cookies? Or is there a plan to include such an option in a future release?

Thanks!

Hi, please open a JIRA to request this to be added to Keycloak and we’ll look into it.

Looks like this has been added to Keycloak Gatekeeper but not to Keycloak itself. See: https://github.com/keycloak/keycloak-gatekeeper/pull/482/files

@milan.timotijevic Have you opened a JIRA ticket for this request already?

I’ve opened an issue in Keycloak JIRA: https://issues.jboss.org/browse/KEYCLOAK-12125
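
An added example, not part of the thread and not Keycloak's code: a small checker for the Chrome behaviour the original post describes, where a cookie sent without SameSite is treated as Lax and SameSite=None is only accepted together with Secure. The cookie names and header values are constructed placeholders, and `classify` and `audit` are hypothetical helper names.

```javascript
// Parse one Set-Cookie header value into the fields relevant to SameSite handling.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: eq < 0 ? pair : pair.slice(0, eq), secure: false, sameSite: null };
  for (const attr of attrs) {
    const [key, value = ""] = attr.split("=");
    const k = key.trim().toLowerCase();
    if (k === "secure") cookie.secure = true;
    if (k === "samesite") cookie.sameSite = value.trim().toLowerCase();
  }
  return cookie;
}

// Classify a header according to Chrome's SameSite-by-default rules.
function classify(header) {
  const c = parseSetCookie(header);
  if (c.sameSite === null) return "defaults-to-lax"; // dropped on cross-site subrequests and iframes
  if (c.sameSite === "none") {
    return c.secure ? "cross-site-ok" : "rejected-none-without-secure";
  }
  if (c.sameSite === "lax" || c.sameSite === "strict") return "explicit-" + c.sameSite;
  return "unrecognised-value";
}

// Return the cookies that would stop working in a cross-site (e.g. embedded iframe) flow.
function audit(headers) {
  return headers
    .map((h) => ({ name: parseSetCookie(h).name, verdict: classify(h) }))
    .filter((r) => r.verdict !== "cross-site-ok");
}

// Constructed sample headers (placeholder names, not captured from a real server).
const SAMPLE_HEADERS = [
  "EXAMPLE_SESSION=abc123; Path=/auth/; HttpOnly",
  "EXAMPLE_IDENTITY=def456; Path=/auth/; SameSite=None",
  "EXAMPLE_SSO=ghi789; Path=/auth/; Secure; SameSite=None",
  "EXAMPLE_LOCALE=en; Path=/; samesite=LAX",
];

for (const r of audit(SAMPLE_HEADERS)) {
  console.log(r.name + ": " + r.verdict);
}
```

Feed it the `Set-Cookie` values from a captured login response to see which cookies need `SameSite=None; Secure` before they are used in a cross-site context.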