IMPORTANT: This post is kept only as a reference. Lift supports SameSite cookies natively since version 3.5.0-SNAPSHOT; more info at https://github.com/lift/framework/pull/1990
This is sample code showing how to add the SameSite attribute to HTTP cookies in Lift, as an alternative until SameSite is officially supported at the Lift and/or Servlet level.
Major browsers now require SameSite in order to enforce better security, so if you want to call an API alongside your Lift application you need some way to make SameSite cookies work, even as a workaround.
Cookies are nothing more than text-based headers, so this workaround simply uses Netty to encode the cookie (including SameSite) as a string and then adds that string as a standard "Set-Cookie" header.
Please review the recent commits to see how it's done: they start from Lift's base cookies and then pass them to Netty to get SameSite support.
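
The encoding step described above, as an added sketch that is not this repo's code: the `SameSiteCookie` object and its `encode` helper are hypothetical names, and it assumes a Netty 4.1 release whose `DefaultCookie` has `setSameSite`. It also forces `Secure` when `SameSite=None` is requested, since browsers reject `SameSite=None` cookies that lack it.

```scala
import io.netty.handler.codec.http.cookie.{DefaultCookie, ServerCookieEncoder}
import io.netty.handler.codec.http.cookie.CookieHeaderNames.SameSite
import net.liftweb.http.provider.HTTPCookie

// Hypothetical helper (not part of Lift or of this repo).
object SameSiteCookie {

  /** Renders a Lift HTTPCookie as the value of a Set-Cookie header,
    * carrying over its attributes and adding the SameSite attribute. */
  def encode(cookie: HTTPCookie, sameSite: SameSite): String = {
    val c = new DefaultCookie(cookie.name, cookie.value.openOr(""))

    // Copy only the attributes the Lift cookie actually defines.
    cookie.domain.foreach(d => c.setDomain(d))
    cookie.path.foreach(p => c.setPath(p))
    cookie.maxAge.foreach(age => c.setMaxAge(age.toLong))
    c.setHttpOnly(cookie.httpOnly.openOr(false))

    // SameSite=None is only honoured by browsers together with Secure,
    // so a cross-site cookie is never emitted without it.
    val crossSite = sameSite == SameSite.None
    c.setSecure(cookie.secure_?.openOr(false) || crossSite)
    c.setSameSite(sameSite)

    // STRICT validates the cookie name and value and throws
    // IllegalArgumentException on characters that are not allowed.
    ServerCookieEncoder.STRICT.encode(c)
  }

  def main(args: Array[String]): Unit = {
    // Constructed sample cookie, for illustration only.
    val sample = HTTPCookie("demo", "constructed-value").setPath("/")
    println("Set-Cookie: " + encode(sample, SameSite.Lax))
    println("Set-Cookie: " + encode(sample, SameSite.None))
  }
}
```

The returned string is what gets attached to the response as the "Set-Cookie" header in place of the servlet-level cookie.
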
To run the sample:
- Clone this repo
- Install and run sbt
- Execute `jetty:quickstart` inside sbt
- Go to http://localhost:8080 with your favorite browser
- Click on the Set Cookie menu item to add a cookie value
- Click on Read Cookie to check that the cookie value is read correctly
NOTE: To read the source code, start at CookieSnippet.scala