Posted to commits@ofbiz.apache.org by jl...@apache.org on 2020/03/20 16:54:50 UTC
[ofbiz-plugins] branch release17.12 updated: Fixed: Ensure that the
SameSite attribute is set to 'strict' for all cookies.
This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch release17.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-plugins.git
The following commit(s) were added to refs/heads/release17.12 by this push:
new 62f9b45 Fixed: Ensure that the SameSite attribute is set to 'strict' for all cookies.
62f9b45 is described below
commit 62f9b45dcf3293296985c2c1106e06e0a29fda66
Author: Jacques Le Roux <ja...@les7arts.com>
AuthorDate: Fri Mar 20 17:51:00 2020 +0100
Fixed: Ensure that the SameSite attribute is set to 'strict' for all cookies.
(OFBIZ-11470)
As reported by OWASP ZAP:
A cookie has been set without the SameSite attribute, which means that the
cookie can be sent as a result of a 'cross-site' request. The SameSite attribute
is an effective counter measure to cross-site request forgery, cross-site script
inclusion, and timing attacks.
The solution was not obvious in OFBiz for 2 reasons:
1. There is no HttpServletResponse::setHeader. So we need to use a filter
(SameSiteFilter) and even that is not enough because of 2:
2. To prevent session fixation we force Tomcat to generate a new jsessionId,
which is ultimately put in a cookie, in LoginWorker::login. So we need to add a call to
SameSiteFilter::addSameSiteCookieAttribute in
UtilHttp::setResponseBrowserDefaultSecurityHeaders.
---
assetmaint/webapp/assetmaint/WEB-INF/web.xml | 9 +++++++++
assetmaint/webapp/ismgr/WEB-INF/web.xml | 9 +++++++++
bi/webapp/bi/WEB-INF/web.xml | 9 +++++++++
birt/webapp/accounting/WEB-INF/web.xml | 9 +++++++++
birt/webapp/birt/WEB-INF/web.xml | 9 +++++++++
birt/webapp/facility/WEB-INF/web.xml | 9 +++++++++
birt/webapp/ordermgr/WEB-INF/web.xml | 9 +++++++++
ebay/webapp/ebay/WEB-INF/web.xml | 9 +++++++++
ebaystore/webapp/ebaystore/WEB-INF/web.xml | 9 +++++++++
ecommerce/webapp/ecommerce/WEB-INF/web.xml | 9 +++++++++
example/webapp/example/WEB-INF/web.xml | 9 +++++++++
exampleext/webapp/exampleext/WEB-INF/web.xml | 9 +++++++++
lucene/webapp/content/WEB-INF/web.xml | 9 +++++++++
msggateway/webapp/msggateway/WEB-INF/web.xml | 6 ++++++
myportal/webapp/myportal/WEB-INF/web.xml | 9 +++++++++
pricat/webapp/pricat/WEB-INF/web.xml | 9 +++++++++
pricat/webapp/pricatdemo/WEB-INF/web.xml | 9 +++++++++
projectmgr/webapp/projectmgr/WEB-INF/web.xml | 9 +++++++++
scrum/webapp/demotest/WEB-INF/web.xml | 9 +++++++++
scrum/webapp/scrum/WEB-INF/web.xml | 9 +++++++++
webpos/webapp/webpos/WEB-INF/web.xml | 9 +++++++++
21 files changed, 186 insertions(+)
diff --git a/assetmaint/webapp/assetmaint/WEB-INF/web.xml b/assetmaint/webapp/assetmaint/WEB-INF/web.xml
index b77dbfe..72bd3b8 100644
--- a/assetmaint/webapp/assetmaint/WEB-INF/web.xml
+++ b/assetmaint/webapp/assetmaint/WEB-INF/web.xml
@@ -77,6 +77,11 @@
<filter-name>ContextFilter</filter-name>
<filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
</filter>
+ <filter>
+ <display-name>SameSiteFilter</display-name>
+ <filter-name>SameSiteFilter</filter-name>
+ <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+ </filter>
<filter-mapping>
<filter-name>ControlFilter</filter-name>
<url-pattern>/*</url-pattern>
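Review bot: The new `<filter>` declaration carries no comment saying why it is there, and the same five lines are copied into all 21 web.xml files in this commit, so a webapp added later can omit it without anyone noticing. A one-line comment above the element would record the intent, for example `<!-- Sets the SameSite attribute on cookies sent by this webapp (OFBIZ-11470) -->`. Since the protection depends on every descriptor repeating the block, a build-time or test-time check that each web.xml maps SameSiteFilter would catch a missing one.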
@@ -85,6 +90,10 @@
<filter-name>ContextFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
+ <filter-mapping>
+ <filter-name>SameSiteFilter</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
<listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
<listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener>
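Review bot: The SameSiteFilter `<filter-mapping>` is added after the ControlFilter and ContextFilter mappings, and filters matched by url-pattern run in the order their mappings appear in the descriptor, so SameSiteFilter ends up as the innermost filter. If ControlFilter or ContextFilter finishes a request itself (a redirect or an error response) without calling the rest of the chain, SameSiteFilter never sees that response and a cookie set on it would go out without the attribute; whether they do so is not visible in this diff. Placing the SameSiteFilter mapping before the ControlFilter mapping would make it wrap the whole chain. The same placement is repeated in the second hunk of every other web.xml in this commit and in the single msggateway hunk.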
diff --git a/assetmaint/webapp/ismgr/WEB-INF/web.xml b/assetmaint/webapp/ismgr/WEB-INF/web.xml
index 2a2d462..fe14a40 100644
--- a/assetmaint/webapp/ismgr/WEB-INF/web.xml
+++ b/assetmaint/webapp/ismgr/WEB-INF/web.xml
@@ -72,6 +72,11 @@
<filter-name>ContextFilter</filter-name>
<filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
</filter>
+ <filter>
+ <display-name>SameSiteFilter</display-name>
+ <filter-name>SameSiteFilter</filter-name>
+ <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+ </filter>
<filter-mapping>
<filter-name>ControlFilter</filter-name>
<url-pattern>/*</url-pattern>
@@ -80,6 +85,10 @@
<filter-name>ContextFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
+ <filter-mapping>
+ <filter-name>SameSiteFilter</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
<listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
<listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener>
diff --git a/bi/webapp/bi/WEB-INF/web.xml b/bi/webapp/bi/WEB-INF/web.xml
index 47f4646..ab12741 100644
--- a/bi/webapp/bi/WEB-INF/web.xml
+++ b/bi/webapp/bi/WEB-INF/web.xml
@@ -57,6 +57,11 @@
<filter-name>ContextFilter</filter-name>
<filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
</filter>
+ <filter>
+ <display-name>SameSiteFilter</display-name>
+ <filter-name>SameSiteFilter</filter-name>
+ <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+ </filter>
<filter-mapping>
<filter-name>ControlFilter</filter-name>
<url-pattern>/*</url-pattern>
@@ -65,6 +70,10 @@
<filter-name>ContextFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
+ <filter-mapping>
+ <filter-name>SameSiteFilter</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
<listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
<listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener>
diff --git a/birt/webapp/accounting/WEB-INF/web.xml b/birt/webapp/accounting/WEB-INF/web.xml
index 1f86b35..c45dbbf 100644
--- a/birt/webapp/accounting/WEB-INF/web.xml
+++ b/birt/webapp/accounting/WEB-INF/web.xml
@@ -63,6 +63,11 @@ under the License.
<filter-name>ContextFilter</filter-name>
<filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
</filter>
+ <filter>
+ <display-name>SameSiteFilter</display-name>
+ <filter-name>SameSiteFilter</filter-name>
+ <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+ </filter>
<filter-mapping>
<filter-name>ControlFilter</filter-name>
<url-pattern>/*</url-pattern>
@@ -71,6 +76,10 @@ under the License.
<filter-name>ContextFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
+ <filter-mapping>
+ <filter-name>SameSiteFilter</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
<listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
<listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener>
diff --git a/birt/webapp/birt/WEB-INF/web.xml b/birt/webapp/birt/WEB-INF/web.xml
index 1056ac3..c06dae0 100644
--- a/birt/webapp/birt/WEB-INF/web.xml
+++ b/birt/webapp/birt/WEB-INF/web.xml
@@ -54,6 +54,11 @@ under the License.
<filter-name>ContextFilter</filter-name>
<filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
</filter>
+ <filter>
+ <display-name>SameSiteFilter</display-name>
+ <filter-name>SameSiteFilter</filter-name>
+ <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+ </filter>
<filter-mapping>
<filter-name>ControlFilter</filter-name>
<url-pattern>/*</url-pattern>
@@ -62,6 +67,10 @@ under the License.
<filter-name>ContextFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
+ <filter-mapping>
+ <filter-name>SameSiteFilter</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
<listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
<listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener>
diff --git a/birt/webapp/facility/WEB-INF/web.xml b/birt/webapp/facility/WEB-INF/web.xml
index 9f426bf..1fd3f6e 100644
--- a/birt/webapp/facility/WEB-INF/web.xml
+++ b/birt/webapp/facility/WEB-INF/web.xml
@@ -63,6 +63,11 @@ under the License.
<filter-name>ContextFilter</filter-name>
<filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
</filter>
+ <filter>
+ <display-name>SameSiteFilter</display-name>
+ <filter-name>SameSiteFilter</filter-name>
+ <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+ </filter>
<filter-mapping>
<filter-name>ControlFilter</filter-name>
<url-pattern>/*</url-pattern>
@@ -71,6 +76,10 @@ under the License.
<filter-name>ContextFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
+ <filter-mapping>
+ <filter-name>SameSiteFilter</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
<listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
<listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener>
diff --git a/birt/webapp/ordermgr/WEB-INF/web.xml b/birt/webapp/ordermgr/WEB-INF/web.xml
index 60d9b58..10d1a1c 100644
--- a/birt/webapp/ordermgr/WEB-INF/web.xml
+++ b/birt/webapp/ordermgr/WEB-INF/web.xml
@@ -58,6 +58,11 @@ under the License.
<filter-name>ContextFilter</filter-name>
<filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
</filter>
+ <filter>
+ <display-name>SameSiteFilter</display-name>
+ <filter-name>SameSiteFilter</filter-name>
+ <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+ </filter>
<filter-mapping>
<filter-name>ControlFilter</filter-name>
<url-pattern>/*</url-pattern>
@@ -66,6 +71,10 @@ under the License.
<filter-name>ContextFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
+ <filter-mapping>
+ <filter-name>SameSiteFilter</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
<listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
<listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener>
diff --git a/ebay/webapp/ebay/WEB-INF/web.xml b/ebay/webapp/ebay/WEB-INF/web.xml
index 13118e1..1f8c900 100644
--- a/ebay/webapp/ebay/WEB-INF/web.xml
+++ b/ebay/webapp/ebay/WEB-INF/web.xml
@@ -62,6 +62,11 @@ under the License.
<filter-name>ContextFilter</filter-name>
<filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
</filter>
+ <filter>
+ <display-name>SameSiteFilter</display-name>
+ <filter-name>SameSiteFilter</filter-name>
+ <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+ </filter>
<filter-mapping>
<filter-name>ControlFilter</filter-name>
<url-pattern>/*</url-pattern>
@@ -70,6 +75,10 @@ under the License.
<filter-name>ContextFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
+ <filter-mapping>
+ <filter-name>SameSiteFilter</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
<listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
<listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener>
diff --git a/ebaystore/webapp/ebaystore/WEB-INF/web.xml b/ebaystore/webapp/ebaystore/WEB-INF/web.xml
index ca2d340..7c0f087 100644
--- a/ebaystore/webapp/ebaystore/WEB-INF/web.xml
+++ b/ebaystore/webapp/ebaystore/WEB-INF/web.xml
@@ -62,6 +62,11 @@ under the License.
<filter-name>ContextFilter</filter-name>
<filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
</filter>
+ <filter>
+ <display-name>SameSiteFilter</display-name>
+ <filter-name>SameSiteFilter</filter-name>
+ <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+ </filter>
<filter-mapping>
<filter-name>ControlFilter</filter-name>
<url-pattern>/*</url-pattern>
@@ -70,6 +75,10 @@ under the License.
<filter-name>ContextFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
+ <filter-mapping>
+ <filter-name>SameSiteFilter</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
<listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
<listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener>
diff --git a/ecommerce/webapp/ecommerce/WEB-INF/web.xml b/ecommerce/webapp/ecommerce/WEB-INF/web.xml
index c299c6b..4926d0e 100644
--- a/ecommerce/webapp/ecommerce/WEB-INF/web.xml
+++ b/ecommerce/webapp/ecommerce/WEB-INF/web.xml
@@ -85,6 +85,11 @@ under the License.
<param-value>/control/main</param-value>
</init-param>
</filter>
+ <filter>
+ <display-name>SameSiteFilter</display-name>
+ <filter-name>SameSiteFilter</filter-name>
+ <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+ </filter>
<filter-mapping>
<filter-name>ContextFilter</filter-name>
<url-pattern>/*</url-pattern>
@@ -101,6 +106,10 @@ under the License.
<filter-name>ControlFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
+ <filter-mapping>
+ <filter-name>SameSiteFilter</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
<listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
<!-- NOTE: not all app servers support mounting implementations of the HttpSessionActivationListener interface -->
<!-- <listener><listener-class>org.apache.ofbiz.webapp.control.ControlActivationEventListener</listener-class></listener> -->
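Review bot: For the storefront webapp, a 'strict' SameSite value (the value the commit message names) means the session cookie is not sent on any navigation that starts on another site, including top-level links. A customer coming back from an external payment page or following a link in an order e-mail would arrive without their session and cart. It is worth testing those flows before release, and considering whether the ecommerce webapp needs `Lax` for its session cookie or a per-webapp `<init-param>` on the filter. SameSiteFilter's source is not part of this diff, so whether it accepts any configuration is not visible here.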
diff --git a/example/webapp/example/WEB-INF/web.xml b/example/webapp/example/WEB-INF/web.xml
index 8acd303..6417d05 100644
--- a/example/webapp/example/WEB-INF/web.xml
+++ b/example/webapp/example/WEB-INF/web.xml
@@ -60,6 +60,11 @@ under the License.
<filter-name>ContextFilter</filter-name>
<filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
</filter>
+ <filter>
+ <display-name>SameSiteFilter</display-name>
+ <filter-name>SameSiteFilter</filter-name>
+ <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+ </filter>
<filter-mapping>
<filter-name>ControlFilter</filter-name>
<url-pattern>/*</url-pattern>
@@ -68,6 +73,10 @@ under the License.
<filter-name>ContextFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
+ <filter-mapping>
+ <filter-name>SameSiteFilter</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
<listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
<listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener>
diff --git a/exampleext/webapp/exampleext/WEB-INF/web.xml b/exampleext/webapp/exampleext/WEB-INF/web.xml
index eb72228..8b3edf8 100644
--- a/exampleext/webapp/exampleext/WEB-INF/web.xml
+++ b/exampleext/webapp/exampleext/WEB-INF/web.xml
@@ -55,6 +55,11 @@ under the License.
<filter-name>ContextFilter</filter-name>
<filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
</filter>
+ <filter>
+ <display-name>SameSiteFilter</display-name>
+ <filter-name>SameSiteFilter</filter-name>
+ <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+ </filter>
<filter-mapping>
<filter-name>ControlFilter</filter-name>
<url-pattern>/*</url-pattern>
@@ -63,6 +68,10 @@ under the License.
<filter-name>ContextFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
+ <filter-mapping>
+ <filter-name>SameSiteFilter</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
<listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
<listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener>
diff --git a/lucene/webapp/content/WEB-INF/web.xml b/lucene/webapp/content/WEB-INF/web.xml
index 3408913..c7f6f5f 100644
--- a/lucene/webapp/content/WEB-INF/web.xml
+++ b/lucene/webapp/content/WEB-INF/web.xml
@@ -70,6 +70,11 @@ under the License.
<filter-name>ContextFilter</filter-name>
<filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
</filter>
+ <filter>
+ <display-name>SameSiteFilter</display-name>
+ <filter-name>SameSiteFilter</filter-name>
+ <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+ </filter>
<filter-mapping>
<filter-name>ControlFilter</filter-name>
<url-pattern>/*</url-pattern>
@@ -78,6 +83,10 @@ under the License.
<filter-name>ContextFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
+ <filter-mapping>
+ <filter-name>SameSiteFilter</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
<listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
<listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener>
diff --git a/msggateway/webapp/msggateway/WEB-INF/web.xml b/msggateway/webapp/msggateway/WEB-INF/web.xml
index 9066299..f2bb225 100644
--- a/msggateway/webapp/msggateway/WEB-INF/web.xml
+++ b/msggateway/webapp/msggateway/WEB-INF/web.xml
@@ -61,8 +61,14 @@ under the License.
<filter-name>ContextFilter</filter-name>
<filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
</filter>
+ <filter>
+ <display-name>SameSiteFilter</display-name>
+ <filter-name>SameSiteFilter</filter-name>
+ <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+ </filter>
<filter-mapping><filter-name>ControlFilter</filter-name><url-pattern>/*</url-pattern></filter-mapping>
<filter-mapping><filter-name>ContextFilter</filter-name><url-pattern>/*</url-pattern></filter-mapping>
+ <filter-mapping><filter-name>SameSiteFilter</filter-name><url-pattern>/*</url-pattern></filter-mapping>
<listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
<listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener>
diff --git a/myportal/webapp/myportal/WEB-INF/web.xml b/myportal/webapp/myportal/WEB-INF/web.xml
index f1480d5..9e9e040 100644
--- a/myportal/webapp/myportal/WEB-INF/web.xml
+++ b/myportal/webapp/myportal/WEB-INF/web.xml
@@ -57,6 +57,11 @@
<filter-name>ContextFilter</filter-name>
<filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
</filter>
+ <filter>
+ <display-name>SameSiteFilter</display-name>
+ <filter-name>SameSiteFilter</filter-name>
+ <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+ </filter>
<filter-mapping>
<filter-name>ControlFilter</filter-name>
<url-pattern>/*</url-pattern>
@@ -65,6 +70,10 @@
<filter-name>ContextFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
+ <filter-mapping>
+ <filter-name>SameSiteFilter</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
<listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
<listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener>
diff --git a/pricat/webapp/pricat/WEB-INF/web.xml b/pricat/webapp/pricat/WEB-INF/web.xml
index 29d64e9..22cd61d 100644
--- a/pricat/webapp/pricat/WEB-INF/web.xml
+++ b/pricat/webapp/pricat/WEB-INF/web.xml
@@ -60,6 +60,11 @@ under the License.
<filter-name>ContextFilter</filter-name>
<filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
</filter>
+ <filter>
+ <display-name>SameSiteFilter</display-name>
+ <filter-name>SameSiteFilter</filter-name>
+ <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+ </filter>
<filter-mapping>
<filter-name>ControlFilter</filter-name>
<url-pattern>/*</url-pattern>
@@ -68,6 +73,10 @@ under the License.
<filter-name>ContextFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
+ <filter-mapping>
+ <filter-name>SameSiteFilter</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
<listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
<listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener>
diff --git a/pricat/webapp/pricatdemo/WEB-INF/web.xml b/pricat/webapp/pricatdemo/WEB-INF/web.xml
index 447883e..c4edfb3 100644
--- a/pricat/webapp/pricatdemo/WEB-INF/web.xml
+++ b/pricat/webapp/pricatdemo/WEB-INF/web.xml
@@ -60,6 +60,11 @@ under the License.
<filter-name>ContextFilter</filter-name>
<filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
</filter>
+ <filter>
+ <display-name>SameSiteFilter</display-name>
+ <filter-name>SameSiteFilter</filter-name>
+ <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+ </filter>
<filter-mapping>
<filter-name>ControlFilter</filter-name>
<url-pattern>/*</url-pattern>
@@ -68,6 +73,10 @@ under the License.
<filter-name>ContextFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
+ <filter-mapping>
+ <filter-name>SameSiteFilter</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
<listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
<listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener>
diff --git a/projectmgr/webapp/projectmgr/WEB-INF/web.xml b/projectmgr/webapp/projectmgr/WEB-INF/web.xml
index 6cbf472..783d3f2 100644
--- a/projectmgr/webapp/projectmgr/WEB-INF/web.xml
+++ b/projectmgr/webapp/projectmgr/WEB-INF/web.xml
@@ -56,6 +56,11 @@
<filter-name>ContextFilter</filter-name>
<filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
</filter>
+ <filter>
+ <display-name>SameSiteFilter</display-name>
+ <filter-name>SameSiteFilter</filter-name>
+ <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+ </filter>
<filter-mapping>
<filter-name>ControlFilter</filter-name>
<url-pattern>/*</url-pattern>
@@ -64,6 +69,10 @@
<filter-name>ContextFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
+ <filter-mapping>
+ <filter-name>SameSiteFilter</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
<listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
<listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener>
diff --git a/scrum/webapp/demotest/WEB-INF/web.xml b/scrum/webapp/demotest/WEB-INF/web.xml
index 5c8b85d..0b14b50 100644
--- a/scrum/webapp/demotest/WEB-INF/web.xml
+++ b/scrum/webapp/demotest/WEB-INF/web.xml
@@ -62,6 +62,11 @@ under the License.
<filter-name>ContextFilter</filter-name>
<filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
</filter>
+ <filter>
+ <display-name>SameSiteFilter</display-name>
+ <filter-name>SameSiteFilter</filter-name>
+ <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+ </filter>
<filter-mapping>
<filter-name>ControlFilter</filter-name>
<url-pattern>/*</url-pattern>
@@ -70,6 +75,10 @@ under the License.
<filter-name>ContextFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
+ <filter-mapping>
+ <filter-name>SameSiteFilter</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
<listener>
<listener-class>org.apache.ofbiz.webapp.control.ControlEventListener
diff --git a/scrum/webapp/scrum/WEB-INF/web.xml b/scrum/webapp/scrum/WEB-INF/web.xml
index 11d7000..6f2ec6f 100644
--- a/scrum/webapp/scrum/WEB-INF/web.xml
+++ b/scrum/webapp/scrum/WEB-INF/web.xml
@@ -53,6 +53,11 @@ under the License.
<filter-name>ContextFilter</filter-name>
<filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
</filter>
+ <filter>
+ <display-name>SameSiteFilter</display-name>
+ <filter-name>SameSiteFilter</filter-name>
+ <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+ </filter>
<filter-mapping>
<filter-name>ControlFilter</filter-name>
<url-pattern>/*</url-pattern>
@@ -61,6 +66,10 @@ under the License.
<filter-name>ContextFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
+ <filter-mapping>
+ <filter-name>SameSiteFilter</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
<listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
<listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener>
diff --git a/webpos/webapp/webpos/WEB-INF/web.xml b/webpos/webapp/webpos/WEB-INF/web.xml
index 1be2f7e..a2d4d15 100644
--- a/webpos/webapp/webpos/WEB-INF/web.xml
+++ b/webpos/webapp/webpos/WEB-INF/web.xml
@@ -61,6 +61,11 @@
<filter-name>ContextFilter</filter-name>
<filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
</filter>
+ <filter>
+ <display-name>SameSiteFilter</display-name>
+ <filter-name>SameSiteFilter</filter-name>
+ <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+ </filter>
<filter-mapping>
<filter-name>ControlFilter</filter-name>
<url-pattern>/*</url-pattern>
@@ -69,6 +74,10 @@
<filter-name>ContextFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
+ <filter-mapping>
+ <filter-name>SameSiteFilter</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
<listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
<!-- NOTE: not all app servers support mounting implementations of the HttpSessionActivationListener interface -->