Posted to dev@tomcat.apache.org by ma...@apache.org on 2020/11/10 09:59:56 UTC
[tomcat] branch master updated: Add SameSite=strict for cookies from /examples
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push:
new 35347c5 Add SameSite=strict for cookies from /examples
35347c5 is described below
commit 35347c5893b3b2f63277a6c65e2824ed25a04939
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue Nov 10 09:54:36 2020 +0000
Add SameSite=strict for cookies from /examples
---
webapps/docs/changelog.xml | 5 +++++
webapps/examples/META-INF/context.xml | 21 +++++++++++++++++++++
2 files changed, 26 insertions(+)
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index fd14274..5e66486 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -185,6 +185,11 @@
<bug>64797</bug>: Align manager.xml template file in Host-Manager with
context.xml of real Manager web application. (isapir)
</fix>
+ <add>
+ Configure the examples web applications to set
+ <code>SameSite=strict</code> for all cookies, including session cookies,
+ created by the application. (markt)
+ </add>
</changelog>
</subsection>
<subsection name="Other">
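Review bot: The new `<add>` entry does not say where the setting lives, so someone reading the changelog cannot tell what to look for or what to copy. Suggest naming the mechanism, for example "by adding a `CookieProcessor` with `sameSiteCookies="strict"` to the application's `META-INF/context.xml`". The entry also says "examples web applications" (plural) while the commit subject and the file path refer to a single `/examples` application; pick one wording so the scope of the change is unambiguous.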
diff --git a/webapps/examples/META-INF/context.xml b/webapps/examples/META-INF/context.xml
new file mode 100644
index 0000000..b388b2a
--- /dev/null
+++ b/webapps/examples/META-INF/context.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<Context antiResourceLocking="false" privileged="true" >
+ <CookieProcessor className="org.apache.tomcat.util.http.Rfc6265CookieProcessor"
+ sameSiteCookies="strict" />
+</Context>
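Review bot: The `<Context>` element in this new file sets `privileged="true"`, which is unrelated to SameSite and is not mentioned in the commit message or the changelog entry. That attribute allows the web application to use container servlets, so it widens what the examples application can do at the same time as the commit hardens its cookies. Unless the examples need it, drop the attribute and keep the element to the `CookieProcessor` child only. `antiResourceLocking="false"` is the default value and can go as well, which leaves a plain `<Context>` whose only content is the `sameSiteCookies="strict"` setting the commit is about.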