SAP Knowledge Base Article - Preview

3502029 - How to set SameSite Attribute for Cookie Security to custom application hosting on XSA?

Symptom

You use SAP UI5 in the frontend and Node.js in the server layer, and have defined @sap/approuter in the dependencies of the package.json file in the app module. During a penetration test of a custom application hosted on XSA, the following Cookie Security - Missing SameSite Attribute issue is reported:

Cookie Security: Missing SameSite Attribute
Description: The SameSite attribute is not set in the set-cookie attribute, which prevents Cross-Site
Request Forgery (CSRF) attacks through the controlled cookie behavior when sections of a site
could direct to third parties. 



Environment

  •  SAP HANA extended application services, advanced model (XSA)

Product

SAP HANA 1.0, platform edition; SAP HANA, platform edition 2.0

Keywords

Cookie Security, SameSite Attribute, custom app, XSA, XS Advanced, COOKIES, approuter, KBA, BC-XS-RT, XS Advanced Runtime / XS Controller, How To

About this page

This is a preview of an SAP Knowledge Base Article. The full version is available on SAP for Me (login required).
