Fix sameSite (Traefik v2)

2020-03-23 11:24:05 +01:00 · 2020-03-23 11:24:05 +01:00 · 0c28630948
commit 0c28630948
parent 198320be8a
14 changed files with 77 additions and 8 deletions
--- a/docs/content/routing/providers/consul-catalog.md
+++ b/docs/content/routing/providers/consul-catalog.md
@ -225,6 +225,14 @@ you'd add the tag `traefik.http.services.{name-of-your-choice}.loadbalancer.pass
    traefik.http.services.myservice.loadbalancer.sticky.cookie.secure=true
    ```

+??? info "`traefik.http.services.<service_name>.loadbalancer.sticky.cookie.samesite`"
+    
+    See [sticky sessions](../services/index.md#sticky-sessions) for more information.
+    
+    ```yaml
+    traefik.http.services.myservice.loadbalancer.sticky.cookie.samesite=none
+    ```
+
 ??? info "`traefik.http.services.<service_name>.loadbalancer.responseforwarding.flushinterval`"
    <!-- TODO doc responseforwarding in services page -->
    
--- a/docs/content/routing/providers/docker.md
+++ b/docs/content/routing/providers/docker.md
@ -358,6 +358,14 @@ you'd add the label `traefik.http.services.<name-of-your-choice>.loadbalancer.pa
    - "traefik.http.services.myservice.loadbalancer.sticky.cookie.secure=true"
    ```

+??? info "`traefik.http.services.<service_name>.loadbalancer.sticky.cookie.samesite`"
+    
+    See [sticky sessions](../services/index.md#sticky-sessions) for more information.
+    
+    ```yaml
+    - "traefik.http.services.myservice.loadbalancer.sticky.cookie.samesite=none"
+    ```
+
 ??? info "`traefik.http.services.<service_name>.loadbalancer.responseforwarding.flushinterval`"

    See [response forwarding](../services/index.md#response-forwarding) for more information.
--- a/docs/content/routing/providers/kubernetes-crd.md
+++ b/docs/content/routing/providers/kubernetes-crd.md
@ -195,6 +195,7 @@ Register the `IngressRoute` kind in the Kubernetes cluster before creating `Ingr
              httpOnly: true
              name: cookie
              secure: true
+              sameSite: none
          strategy: RoundRobin
          weight: 10
      tls:                              # [9]
--- a/docs/content/routing/providers/marathon.md
+++ b/docs/content/routing/providers/marathon.md
@ -256,6 +256,14 @@ For example, to change the passHostHeader behavior, you'd add the label `"traefi
    "traefik.http.services.myservice.loadbalancer.sticky.cookie.secure": "true"
    ```

+??? info "`traefik.http.services.<service_name>.loadbalancer.sticky.cookie.samesite`"
+    
+    See [sticky sessions](../services/index.md#sticky-sessions) for more information.
+    
+    ```json
+    "traefik.http.services.myservice.loadbalancer.sticky.cookie.samesite": "none"
+    ```
+
 ??? info "`traefik.http.services.<service_name>.loadbalancer.responseforwarding.flushinterval`"
    
    See [response forwarding](../services/index.md#response-forwarding) for more information.
--- a/docs/content/routing/providers/rancher.md
+++ b/docs/content/routing/providers/rancher.md
@ -262,6 +262,14 @@ you'd add the label `traefik.http.services.{name-of-your-choice}.loadbalancer.pa
    - "traefik.http.services.myservice.loadbalancer.sticky.cookie.secure=true"
    ```

+??? info "`traefik.http.services.<service_name>.loadbalancer.sticky.cookie.samesite`"
+    
+    See [sticky sessions](../services/index.md#sticky-sessions) for more information.
+    
+    ```yaml
+    - "traefik.http.services.myservice.loadbalancer.sticky.cookie.samesite=none"
+    ```
+
 ??? info "`traefik.http.services.<service_name>.loadbalancer.responseforwarding.flushinterval`"
    
    See [response forwarding](../services/index.md#response-forwarding) for more information.
--- a/docs/content/routing/services/index.md
+++ b/docs/content/routing/services/index.md
@ -156,9 +156,12 @@ On subsequent requests, the client is forwarded to the same server.

    The default cookie name is an abbreviation of a sha1 (ex: `_1d52e`).

-!!! info "Secure & HTTPOnly flags"
+!!! info "Secure & HTTPOnly & SameSite flags"

-    By default, the affinity cookie is created without those flags. One however can change that through configuration.
+    By default, the affinity cookie is created without those flags.
+    One however can change that through configuration.
+    
+    `SameSite` can be `none`, `lax`, `strict` or empty.

 ??? example "Adding Stickiness -- Using the [File Provider](../../providers/file.md)"

@ -189,6 +192,7 @@ On subsequent requests, the client is forwarded to the same server.
          name = "my_sticky_cookie_name"
          secure = true
          httpOnly = true
+          sameSite = "none"
    ```

    ```yaml tab="YAML"