cancel
Showing results for 
Search instead for 
Did you mean: 

Service Layer SameSite attribute issue

former_member736514
Discoverer

Currently the cookies from SAP b1 service layer login response do not include the samesite attribute. This prevents any browser side cross site communication with the service layer and prevents full usage of the service layer in some major browsers.

Are there any plans to add support for this attribute or a way to set the value for this attribute in the service layer configuration?

ANKIT_CHAUHAN
Product and Topic Expert
Product and Topic Expert
0 Kudos

Hi is-haaq,

Kindly create an incident under the component SBO-SDK-SVL. We will follow-up with our Development Team on this topic.

Kindly mention the link to this thread while creating the incident.

Kind regards,

ANKIT CHAUHAN

SAP Business One Support

josedvm
Participant

Was an incident finally created? Is there any update about this?

I was able to perform a succesful request to Login resource, but at least in recent versions of Chrome, cookies are not stored for further responses due to the lack of SameSite attribute and it seems no possible to get the ROUTEID cookie from the jqXHR object in order to add it manually (see also https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest/getAllResponseHeaders).

I would like to avoid creating a middleware to call the Service Layer...

ANKIT_CHAUHAN
Product and Topic Expert
Product and Topic Expert
rahuljain257
Participant
0 Kudos

No sir... Its not helpful.

As per the links, the solution they have recommeded to change the settings in the Chrome Browser and if we are using our Web App which is accessed by 100 users then its not advisable to suggest this settings.

I have seen some link - https://blogs.sap.com/2020/08/26/how-to-fix-google-chrome-samesite-cookie-issue-with-sac-and-hana/ but its related to HANA XS and other tools but not specifically for Service Layer.

Does SAP Team have provided any solution on this ?

ANKIT_CHAUHAN
Product and Topic Expert
Product and Topic Expert

Dear is-haaq, rahul.jain257,

This issue has been fixed in Feature Package 2108 for SAP Business One Version 10.0 and is documented in SAP Note 3080362.

Kind regards,

ANKIT CHAUHAN

SAP Business One Support

rahuljain257
Participant
0 Kudos

Thank You for providing the valueable response.

Accepted Solutions (0)

Answers (1)

Answers (1)

rahuljain257
Participant
0 Kudos

Got the solution , Please apply the settings in the below file -

Open the /usr/sap/SAPBusinessOne/ServiceLayer/conf/httpd-b1s-lb.conf

Append the following content:

<ifmodule mod_headers.c>
Header edit Set-Cookie ^(.*)$ $1;Secure;SameSite=None
</ifmodule>

Restart service layer