SR-D85745 · Issue 545906
DASS and DAS associated to the Pega-ProcessCommander Ruleset
Resolved in Pega Version 8.4.1
An upgrade was failing at the point of Pega Rules Upgrade in the Installer Instance with the error "Encountered database exception when preprocessing deferred operations <insert updatesCache instance DATA-ADMIN-SYSTEM PEGA not only if new>. This node not found in the database - Either the record was never saved or was deleted. Unable to join the cluster." This error occurred because the strategic application import during upgrade manually included a "systemname" DASS instance which had a value other than "prpc". This caused a override of the platform shipped DASS (with value "prpc), which is required by the upgrade. In order to avoid this condition, DASS and DAS have been associated to the Pega-ProcessCommander Ruleset.
SR-D89002 · Issue 549104
SameSite cookie setting updated for pre-authentication
Resolved in Pega Version 8.4.1
In work done in previous versions to modify the SameSite cookie handling to support Mashups in Google Chrome v80+, SameSite was set to None only in case of an authenticated Pega-RULES cookie and not for a Pre-authenticated cookie. That caused the Samesite value to not be set when using a pre-authenticated cookie, and the blank value was treated as 'Lax', causing a login challenge. To resolve this, Samesite will be set to 'None' when using pre-authenticated cookie, which will match the way it is being set in authenticated cookie.
SR-D90485 · Issue 549270
SameSite cookie setting added for Mashup support in Google Chrome v80+
Resolved in Pega Version 8.4.1
The Google Chrome browser version 80 and above now treats SameSite with a blank value as "Lax" by default, causing mashup scenarios to break. In order to compensate for this change, support has been added for setting SameSite=None in Cookie Settings; this value automatically includes the “secure” cookie flag, which enforces HTTPS for the Pega server and mashup. For mashups to work, SameSite should be set as None. Create a Dynamic system setting in the Pega-Engine RuleSet with the name “security/csrf/samesitecookieattributevalue” and the value "None" and restart the server. (The SameSite value "None" works only in secure HTTPS connections.) Note: The SameSite cookie may be set to None/Lax/Strict, based on the requirement. For cookie requirements other than mashup, it should be set as either Strict or Lax, depending upon your application.
SR-D90524 · Issue 549048
SameSite cookie setting added for Mashup support in Google Chrome v80+
Resolved in Pega Version 8.4.1
The Google Chrome browser version 80 and above now treats SameSite with a blank value as "Lax" by default, causing mashup scenarios to break. In order to compensate for this change, support has been added for setting SameSite=None in Cookie Settings; this value automatically includes the “secure” cookie flag, which enforces HTTPS for the Pega server and mashup. For mashups to work, SameSite should be set as None. Create a Dynamic system setting in the Pega-Engine RuleSet with the name “security/csrf/samesitecookieattributevalue” and the value "None" and restart the server. (The SameSite value "None" works only in secure HTTPS connections.) Note: The SameSite cookie may be set to None/Lax/Strict, based on the requirement. For cookie requirements other than mashup, it should be set as either Strict or Lax, depending upon your application.