For security reasons, I suggest these cookies (JSESSIONID, CSRF_TOKEN, NextURL) be set to SameSite in Resilient.
Thank you for the insight,
We have no current plans to address this request, so I'd proceed with your risk acceptance based on this for now.
Our internal testing teams continue to find that the NextURL cookie does not have the SameSite attribute set. Validation failed.
If this consideration will not be put in place, please advise, as we will need to mark this as a risk acceptance based on vendor configuration.
FYI, we have built-in CSRF protection already, just to put the SameSite protection into context.