Same Site Cookie

I just found this article by Mozilla: Changes to SameSite Cookie Behavior – A Call to Action for Web Developers and wonder if there is action needed in Plone? Any opinions?

Last/latest Chrome version(s) will report such issues on the console (and I think there is a dedicated tab in the dev tools of Chrome). I would not find any issue with two sites using cookies heavily.

I saw a warning these days while working in the ZMI, plain Zope, though.

Had no chance to dig deeper, yet.

TIL that you can register a utility to tweak the cookie parameters, e.g.:

```xml
<configure xmlns="http://namespaces.zope.org/zope">
  <utility factory=".cookie.CustomCookieParamPolicy" />
</configure>
```

```python
from ZPublisher.cookie import convertCookieParameter
from ZPublisher.cookie import DefaultCookieParamPolicy


class CustomCookieParamPolicy(DefaultCookieParamPolicy):
    @staticmethod
    def parameters(name, attrs):
        """Adds the SameSite cookie attribute to the parameters."""
        # Pass through everything the default policy produces, so that
        # parameters set by other packages are kept.
        for item in super(CustomCookieParamPolicy, CustomCookieParamPolicy).parameters(
            name, attrs
        ):
            yield item
        # Only add SameSite=Lax when the cookie does not set SameSite itself.
        if "SameSite" not in attrs:
            yield convertCookieParameter("SameSite", "Lax")
```

I think you need to iterate over the result of the super call and yield them as well or the parameters from plone.session will be dropped.

Thanks, I updated the code 🙂

Thanks for sharing. I did not know about that one either.
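To see whether a site needs a policy like the one in this thread, the `Set-Cookie` headers it sends can be audited for their SameSite attributes. The script below is an added example, not code from the thread or from Zope/Plone; the function names and the sample headers (cookie names and values) are constructed for illustration.

```python
"""Audit Set-Cookie header values for their SameSite attributes (added example)."""


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, {lowercased attribute: value})."""
    first, *rest = header.split(";")
    name = first.split("=", 1)[0].strip()
    attrs = {}
    for part in rest:
        key, _, value = part.strip().partition("=")
        if key:
            # Flag attributes such as Secure and HttpOnly get an empty value.
            attrs[key.lower()] = value.strip()
    return name, attrs


def audit(headers):
    """Return (cookie name, finding) pairs for cookies that need attention."""
    findings = []
    for header in headers:
        name, attrs = parse_set_cookie(header)
        samesite = attrs.get("samesite")
        if samesite is None:
            findings.append((name, "no SameSite: browsers with the new default treat it as Lax"))
        elif samesite.lower() not in ("strict", "lax", "none"):
            findings.append((name, "unrecognised SameSite value: %r" % samesite))
        elif samesite.lower() == "none" and "secure" not in attrs:
            findings.append((name, "SameSite=None without Secure: rejected under the new behaviour"))
    return findings


# Constructed sample headers; cookie names and values are illustrative only.
SAMPLE = [
    "__ac=dGVzdA; Path=/; HttpOnly",
    "_ZopeId=12345A; Path=/; SameSite=Lax",
    "tracker=abc; Path=/; SameSite=None",
    "embed=xyz; Path=/; Secure; SameSite=None",
    "I18N_LANGUAGE=en; Path=/; SameSite=lax; Expires=Wed, 01 Jan 2031 00:00:00 GMT",
]

if __name__ == "__main__":
    for cookie_name, finding in audit(SAMPLE):
        print("%s: %s" % (cookie_name, finding))
```

Feed it the `Set-Cookie` values copied from the browser's network tab or from `curl -sI` output, both before and after registering the utility, to confirm that existing attributes such as `Path` and `HttpOnly` are still present.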