Posted to dev@tomcat.apache.org by ma...@apache.org on 2020/11/10 10:00:01 UTC

[tomcat] branch 9.0.x updated: Add SameSite=strict for cookies from /examples

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
     new 8626033  Add SameSite=strict for cookies from /examples
8626033 is described below

commit 862603361bdf2034319bbaaf9ae9845aa418fd2e
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue Nov 10 09:54:36 2020 +0000

    Add SameSite=strict for cookies from /examples
---
 webapps/docs/changelog.xml            |  5 +++++
 webapps/examples/META-INF/context.xml | 21 +++++++++++++++++++++
 2 files changed, 26 insertions(+)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 6018dfb..168806b 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -175,6 +175,11 @@
         <bug>64797</bug>: Align manager.xml template file in Host-Manager with
         context.xml of real Manager web application. (isapir)
       </fix>
+      <add>
+        Configure the examples web applications to set
+        <code>SameSite=strict</code> for all cookies, including session cookies,
+        created by the application. (markt)
+      </add>
     </changelog>
   </subsection>
   <subsection name="Other">
diff --git a/webapps/examples/META-INF/context.xml b/webapps/examples/META-INF/context.xml
new file mode 100644
index 0000000..b388b2a
--- /dev/null
+++ b/webapps/examples/META-INF/context.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<Context antiResourceLocking="false" privileged="true" >
+  <CookieProcessor className="org.apache.tomcat.util.http.Rfc6265CookieProcessor"
+                   sameSiteCookies="strict" />
+</Context>
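Review bot: `privileged="true"` on the new `<Context>` element gives the examples application more privilege than setting the cookie policy requires. In Tomcat this attribute lets a context use container servlets such as the Manager servlet, and moves its parent class loader from the Shared to the Server class loader. Nothing visible in this commit needs that, and both attributes look carried over from a Manager-style context.xml, though that is an inference. `antiResourceLocking="false"` is already the default, so the opening tag can be reduced to `<Context>` with the `CookieProcessor` child kept as is. A one-line XML comment above `CookieProcessor` saying that `sameSiteCookies="strict"` applies to every cookie the application creates, session cookies included, would also help deployers who copy this file.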

