I can get the component to insert the proper CORS headers, however the SameSite=None required for Chrome v80+ never gets called - the response is already committed when the routine is called and it always returns without modifying the cookie.
private void rewriteSessionCookieForCrossSite(HttpServletResponse response) {
if (response.isCommitted()) {
return;
}
I tried removing the code but I don’t think one can change the cookie after the response is committed.
What server are you using? Remove the line probably does not help, instead the method would need to be called earlier
Wildfly 16
I tried calling the line before the chain.doFilter(request, response) but at this point there never seems to be a cookie set, so nothing gets modified.
The strange thing is that it works on some browsers and not others. My latest Windows Chrome Version 80.0.3987.163 works fine, but my Android Chrome Version Version 80.0.3987.162 the iFrame vaadin app (in this case I’m a iFrame app because of the embedded vaadin app bug that changes the sites css) opens the red “Cookies disabled …” error window.
Try version 1.2.0 that I just published