How To Set SameSite on Gateway? Release 8.0.10

ascriven · March 26, 2020, 4:13am

I am having an issue where an embedded perspective view no longer works in Google Chrome. I believe this is due to Google Chrome recently defaulting the SameSite attribute to "Strict" unless specified otherwise.

The release notes for 8.0.10 describe the ability to set the SameSite attribute for the gateway (Link).

System property ignition.http.session.cookie.same-site.enabled can be set to true in order to specify the SameSite attribute on Gateway session cookies (default is false). When the SameSite attribute is enabled, system property ignition.http.session.cookie.same-site.value can be used to set the value of the SameSite attribute. Acceptable values are Strict, Lax, and None (default is Strict). See Set-Cookie - HTTP | MDN for descriptions for how these values work in web browsers.

I've updated Ignition to 8.0.10 but I can't find this setting anywhere?! Where is it? Do I need to add it to a config file somewhere? Any help would be appreciated!

James.Lorenz · March 26, 2020, 8:34am

System properties like this are added in the ignition.conf file, which is located in the data folder of your Ignition installation.

In the ignition.conf file you’ll want to find the Java Additional Parameters section, which on most 8.0 installs will look like this:

wrapper.java.additional.1=-Ddata.dir=data
#wrapper.java.additional.2=-Xdebug
#wrapper.java.additional.3=-Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=*:8000

You’ll want to add the additional properties underneath the -Ddata.dir property already in use, like so:

wrapper.java.additional.1=-Ddata.dir=data
wrapper.java.additional.2=-Dignition.http.session.cookie.same-site.enabled=true
wrapper.java.additional.3=-Dignition.http.session.cookie.same-site.value=Lax
#wrapper.java.additional.2=-Xdebug
#wrapper.java.additional.3=-Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=*:8000

ascriven · March 26, 2020, 12:50pm

Thank you very much for your help, that worked!

Just in case anyone else is trying to do the same thing I had to add one more property. By default ignition.http.header.x_frame_options.enabled is set to true. That had to be set to false or no embedding is allowed. Link

Lines I added:

wrapper.java.additional.4=-Dignition.http.session.cookie.same-site.enabled=true
wrapper.java.additional.5=-Dignition.http.session.cookie.same-site.value=None
wrapper.java.additional.6=-Dignition.http.header.x_frame_options.enabled=false