Symptom
You use SAP UI5 in the frontend and Node.js in the server layer, and you have declared @sap/approuter in the dependencies of the package.json file in the app module. During a penetration test of a custom application hosted on XSA, the following issue is reported: Cookie Security - Missing SameSite Attribute.
Cookie Security: Missing SameSite Attribute
Description: The SameSite attribute is not set in the set-cookie attribute, which prevents Cross-Site
Request Forgery (CSRF) attacks through the controlled cookie behavior when sections of a site
could direct to third parties.
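To re-check this finding against the Set-Cookie headers your application returns, the following Node.js sketch reports every cookie that lacks a SameSite attribute. It is an added example, not part of the SAP article or of @sap/approuter; the function names and sample headers are constructed, and the checks for an invalid value and for SameSite=None without Secure go beyond the finding quoted above.

```javascript
'use strict';

// Parse one Set-Cookie header value into { name, attrs }.
// Attribute names are lower-cased; flag attributes (HttpOnly, Secure) map to true.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';');
  const eq = pair.indexOf('=');
  const name = (eq === -1 ? pair : pair.slice(0, eq)).trim();
  const attrs = {};
  for (const part of rest) {
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    if (key) attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return { name, attrs };
}

// Return one finding per cookie whose SameSite handling would be flagged.
function auditSameSite(setCookieHeaders) {
  const findings = [];
  for (const header of setCookieHeaders) {
    const { name, attrs } = parseSetCookie(header);
    const sameSite =
      typeof attrs.samesite === 'string' ? attrs.samesite.toLowerCase() : null;
    if (sameSite === null) {
      findings.push({ name, issue: 'missing-samesite' });
    } else if (!['strict', 'lax', 'none'].includes(sameSite)) {
      findings.push({ name, issue: 'invalid-samesite' });
    } else if (sameSite === 'none' && !attrs.secure) {
      // SameSite=None is only accepted together with the Secure attribute.
      findings.push({ name, issue: 'samesite-none-without-secure' });
    }
  }
  return findings;
}

// Constructed sample headers (not captured from a real XSA system).
const SAMPLE_HEADERS = [
  'JSESSIONID=s%3Aexample; Path=/; HttpOnly; Secure',
  'locale=en; Path=/; SameSite=Lax',
  'widget=1; Path=/; SameSite=None',
  'pref=dark; Path=/; Secure; SameSite=Strict',
];

function demo() { return auditSameSite(SAMPLE_HEADERS); }
console.log(demo());
```

With Node's built-in http/https client, the array to pass in is `res.headers['set-cookie']`.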
Environment
- SAP HANA extended application services, advanced model (XSA)
Keywords
Cookie Security, SameSite Attribute, custom app, XSA, XS Advanced, COOKIES, approuter, KBA, BC-XS-RT, XS Advanced Runtime / XS Controller, How To
About this page
This is a preview of a SAP Knowledge Base Article.