markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new f7cdc1c208 Fix BZ 68348 - add support for the cookie attribute
partitioned
f7cdc1c208 is described below
commit f7cdc1c208ee213b1392a767fe76db327a9b0536
Author: Mark Thomas <[email protected]>
AuthorDate: Thu Jan 4 12:52:17 2024 +0000
Fix BZ 68348 - add support for the cookie attribute partitioned
https://bz.apache.org/bugzilla/show_bug.cgi?id=68348
There is no separate configuration for session cookies as Java EE 8 does
not support generic cookie attributes.
---
.../tomcat/util/http/CookieProcessorBase.java | 34 ++++++++++++++++++++++
.../tomcat/util/http/LegacyCookieProcessor.java | 4 +++
.../tomcat/util/http/Rfc6265CookieProcessor.java | 4 +++
.../util/http/TestCookieProcessorGeneration.java | 30 +++++++++++++++++++
webapps/docs/changelog.xml | 4 +++
webapps/docs/config/cookie-processor.xml | 7 +++++
6 files changed, 83 insertions(+)
diff --git a/java/org/apache/tomcat/util/http/CookieProcessorBase.java
b/java/org/apache/tomcat/util/http/CookieProcessorBase.java
index 00c852cc75..5815ca4cd4 100644
--- a/java/org/apache/tomcat/util/http/CookieProcessorBase.java
+++ b/java/org/apache/tomcat/util/http/CookieProcessorBase.java
@@ -40,6 +40,9 @@ public abstract class CookieProcessorBase implements
CookieProcessor {
private SameSiteCookies sameSiteCookies = SameSiteCookies.UNSET;
+ private boolean partitioned = false;
+
+
public SameSiteCookies getSameSiteCookies() {
return sameSiteCookies;
}
@@ -47,4 +50,35 @@ public abstract class CookieProcessorBase implements
CookieProcessor {
public void setSameSiteCookies(String sameSiteCookies) {
this.sameSiteCookies = SameSiteCookies.fromString(sameSiteCookies);
}
+
+
+ /**
+ * Should the {@code Partitioned} attribute be added by default to cookies
created for this web application.
+ * <p>
+ * The name of the attribute used to indicate a partitioned cookie as part
of
+ * <a
href="https://developers.google.com/privacy-sandbox/3pcd#partitioned">CHIPS</a>
is not defined by an RFC and
+ * may change in a non-backwards compatible way once equivalent
functionality is included in an RFC.
+ *
+ * @return {@code true} if the {@code Partitioned} attribute should be
added by default to cookies created for this
+ * web application, otherwise {@code false}
+ */
+ public boolean getPartitioned() {
+ return partitioned;
+ }
+
+
+ /**
+ * Configure whether the {@code Partitioned} attribute should be added by
default to cookies created for this web
+ * application.
+ * <p>
+ * The name of the attribute used to indicate a partitioned cookie as part
of
+ * <a
href="https://developers.google.com/privacy-sandbox/3pcd#partitioned">CHIPS</a>
is not defined by an RFC and
+ * may change in a non-backwards compatible way once equivalent
functionality is included in an RFC.
+ *
+ * @param partitioned {@code true} if the {@code Partitioned} attribute
should be added by default to cookies
+ * created for this web application, otherwise
{@code false}
+ */
+ public void setPartitioned(boolean partitioned) {
+ this.partitioned = partitioned;
+ }
}
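Review bot: Both Javadoc blocks say the attribute is added "by default", which suggests an individual cookie can opt out, but the generateHeader hunks in this commit append `; Partitioned` whenever `getPartitioned()` is true, and the commit message states there is no generic per-cookie attribute support on this branch. Unless an override exists in the parts of generateHeader outside these hunks, the wording should describe the flag as unconditional, e.g. `Should the {@code Partitioned} attribute be added to all cookies created for this web application.`, with the matching change in the `@return` and `@param` text. The class body starts outside the hunk.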
diff --git a/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java
b/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java
index 5e622d8f2f..8d5a6161fc 100644
--- a/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java
+++ b/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java
@@ -330,6 +330,10 @@ public final class LegacyCookieProcessor extends
CookieProcessorBase {
buf.append(sameSiteCookiesValue.getValue());
}
+ if (getPartitioned()) {
+ buf.append("; Partitioned");
+ }
+
return buf.toString();
}
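Review bot: The new branch appends `; Partitioned` whenever `getPartitioned()` is true, without checking whether the cookie is also marked Secure. CHIPS requires partitioned cookies to be Secure, and browsers that implement it reject a Partitioned cookie that lacks it, so turning this option on for a context reachable over plain HTTP could cause the session cookie to be dropped with no indication on the server side. The identical block added to Rfc6265CookieProcessor has the same property. Consider guarding the append, e.g. `if (getPartitioned() && cookie.getSecure()) {` (assuming the parameter is named `cookie`; the method signature is outside the hunk), or at least state the Secure requirement in the `partitioned` entry of cookie-processor.xml.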
diff --git a/java/org/apache/tomcat/util/http/Rfc6265CookieProcessor.java
b/java/org/apache/tomcat/util/http/Rfc6265CookieProcessor.java
index 41a66717b5..1c8b014739 100644
--- a/java/org/apache/tomcat/util/http/Rfc6265CookieProcessor.java
+++ b/java/org/apache/tomcat/util/http/Rfc6265CookieProcessor.java
@@ -173,6 +173,10 @@ public class Rfc6265CookieProcessor extends
CookieProcessorBase {
header.append(sameSiteCookiesValue.getValue());
}
+ if (getPartitioned()) {
+ header.append("; Partitioned");
+ }
+
return header.toString();
}
diff --git
a/test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java
b/test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java
index a58004c2f3..7d698c8aac 100644
--- a/test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java
+++ b/test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java
@@ -316,6 +316,36 @@ public class TestCookieProcessorGeneration {
Assert.assertEquals("foo=bar; Secure; HttpOnly; SameSite=Strict",
rfc6265.generateHeader(cookie));
}
+
+ @Test
+ public void testPartitionedCookies() {
+ Rfc6265CookieProcessor rfc6265 = new Rfc6265CookieProcessor();
+
+ Cookie cookie = new Cookie("foo", "bar");
+
+ Assert.assertEquals("foo=bar", rfc6265.generateHeader(cookie, null));
+
+ rfc6265.setPartitioned(false);
+
+ Assert.assertEquals("foo=bar", rfc6265.generateHeader(cookie, null));
+
+ rfc6265.setPartitioned(true);
+
+ Assert.assertEquals("foo=bar; Partitioned",
rfc6265.generateHeader(cookie, null));
+
+ cookie.setSecure(true);
+ cookie.setHttpOnly(true);
+
+ rfc6265.setPartitioned(false);
+
+ Assert.assertEquals("foo=bar; Secure; HttpOnly",
rfc6265.generateHeader(cookie, null));
+
+ rfc6265.setPartitioned(true);
+
+ Assert.assertEquals("foo=bar; Secure; HttpOnly; Partitioned",
rfc6265.generateHeader(cookie, null));
+ }
+
+
private void doTest(Cookie cookie, String expected) {
doTest(cookie, expected, expected);
}
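Review bot: testPartitionedCookies only instantiates Rfc6265CookieProcessor, although this commit adds the same `getPartitioned()` branch to LegacyCookieProcessor, so the legacy path ships untested. Add a parallel set of assertions on a `new LegacyCookieProcessor()`, for example `Assert.assertEquals("foo=bar; Partitioned", legacy.generateHeader(cookie, null));`, with the expected string confirmed against the legacy output format. A case that also sets a SameSite value would pin the attribute order the production hunks imply (SameSite first, then Partitioned). The test class continues outside the hunk.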
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 8971d4be46..60f4d63923 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -139,6 +139,10 @@
used in the request line, if any, to make the check case insensitive
since host names are case insensitive. (markt)
</fix>
+ <add>
+ <bug>68348</bug>: Add support for the partitioned attribute for cookies
+ including session cookies. (markt)
+ </add>
</changelog>
</subsection>
<subsection name="Web Applications">
diff --git a/webapps/docs/config/cookie-processor.xml
b/webapps/docs/config/cookie-processor.xml
index 2d7f674e65..54590577bf 100644
--- a/webapps/docs/config/cookie-processor.xml
+++ b/webapps/docs/config/cookie-processor.xml
@@ -99,6 +99,13 @@
<attributes>
+ <attribute name="partitioned" required="false">
+ <p>Should the Partitioned flag be set on cookies? Defaults to
<code>false</code>.</p>
+ <p>Note: The name of the attribute used to indicate a partitioned
cookie as part of
+ <a
href="https://developers.google.com/privacy-sandbox/3pcd#partitioned">CHIPS</a>
is not defined by an RFC and
+ may change in a non-backwards compatible way once equivalent
functionality is included in an RFC.</p>
+ </attribute>
+
<attribute name="sameSiteCookies" required="false">
<p>Enables setting same-site cookie attribute.</p>