Ubuntu
libapache2-mod-auth-mellon package

MellonCookieSameSite don't support the value None for Bionic

Asked by Oliver Schüßler

On a server with Bionic MellonCookieSameSite does not support the value "None" , which works in the version for Focal.

Setting the value MellonCookieSameSite to None on Bionic, causes this error:
AH00526: Syntax error ... The MellonCookieSameSite parameter must be 'lax' or 'strict'

The value works on Focal and don't give a syntax error.

On Bionic the packages comes with version 0.13.1-1ubuntu0.3 but Focal has 0.16.0-1ubuntu0.1 - is it possible to backport the version to Bionic?

NEWS from source code:

Version 0.16.0
---------------------------------------------------------------------------

Enhancements:

 * The MellonCookieSameSite option accepts a new valid "None". This is intended
   to be used together with "MellonSecureCookie On". With some newer browsers,
   only cookies with "SameSite=None; Secure" would be available for cross-site
   access.

Question information

Language:
English Edit question
Status:
Answered
For:
Ubuntu libapache2-mod-auth-mellon Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Manfred Hampl (m-hampl) said : 		#1

Manfred Hampl suggests this article as an answer to your question:
FAQ #3037: “no rolling release”.

Revision history for this message
Manfred Hampl (m-hampl) said (last edit ): 		#2

See the FAQ linked above for the rules for a SRU.

Comparing https://launchpad.net/ubuntu/bionic/amd64/libapache2-mod-auth-mellon/0.13.1-1ubuntu0.3 and https://launchpad.net/ubuntu/focal/amd64/libapache2-mod-auth-mellon/0.16.0-1ubuntu0.1 shows identical dependencies. So it might be possible to manually install the version for focal on bionic.

Can you help with this problem?

Provide an answer of your own, or ask Oliver Schüßler for more information if necessary.

To post a message you must log in.