This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new fcda8f4 Expose the HttpServletRequest to CookieProcessor.generateHeader()
fcda8f4 is described below
commit fcda8f4e40d38997f167ad7d41a259cb846f9272
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Apr 2 12:36:55 2020 +0100
Expose the HttpServletRequest to CookieProcessor.generateHeader()
---
 java/org/apache/catalina/connector/Response.java | 11 +++++---
 .../catalina/core/ApplicationPushBuilder.java | 2 +-
 .../apache/tomcat/util/http/CookieProcessor.java | 33 ++++++++++++++++++++++
 .../tomcat/util/http/LegacyCookieProcessor.java | 8 ++++++
 .../tomcat/util/http/Rfc6265CookieProcessor.java | 8 ++++++
 .../util/http/TestCookieProcessorGeneration.java | 6 ++--
 webapps/docs/changelog.xml | 6 ++++
 7 files changed, 66 insertions(+), 8 deletions(-)
diff --git a/java/org/apache/catalina/connector/Response.java b/java/org/apache/catalina/connector/Response.java
index 3900c30..a58945d 100644
--- a/java/org/apache/catalina/connector/Response.java
+++ b/java/org/apache/catalina/connector/Response.java
@@ -42,6 +42,7 @@ import javax.servlet.ServletOutputStream;
 import javax.servlet.ServletResponse;
 import javax.servlet.SessionTrackingMode;
 import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpServletResponseWrapper;
@@ -968,9 +969,9 @@ public class Response implements HttpServletResponse {
 // from the generateHeader() invocation
 if (SecurityUtil.isPackageProtectionEnabled()) {
 return AccessController.doPrivileged(
- new PrivilegedGenerateCookieString(getContext(), cookie));
+ new PrivilegedGenerateCookieString(getContext(), cookie, request.getRequest()));
 } else {
- return getContext().getCookieProcessor().generateHeader(cookie);
+ return getContext().getCookieProcessor().generateHeader(cookie, request.getRequest());
 }
 }
@@ -1829,15 +1830,17 @@ public class Response implements HttpServletResponse {
 private final Context context;
 private final Cookie cookie;
+ private final HttpServletRequest request;
- public PrivilegedGenerateCookieString(Context context, Cookie cookie) {
+ public PrivilegedGenerateCookieString(Context context, Cookie cookie, HttpServletRequest request) {
 this.context = context;
 this.cookie = cookie;
+ this.request = request;
 }
 @Override
 public String run(){
- return context.getCookieProcessor().generateHeader(cookie);
+ return context.getCookieProcessor().generateHeader(cookie, request);
 }
 }
diff --git a/java/org/apache/catalina/core/ApplicationPushBuilder.java b/java/org/apache/catalina/core/ApplicationPushBuilder.java
index 58858ae..277413e 100644
--- a/java/org/apache/catalina/core/ApplicationPushBuilder.java
+++ b/java/org/apache/catalina/core/ApplicationPushBuilder.java
@@ -439,7 +439,7 @@ public class ApplicationPushBuilder implements PushBuilder {
 // However, if passed a Cookie with just a name and value set it
 // will generate an appropriate header for the Cookie header on the
 // pushed request.
- result.append(cookieProcessor.generateHeader(cookie));
+ result.append(cookieProcessor.generateHeader(cookie, null));
 }
 return result.toString();
 }
diff --git a/java/org/apache/tomcat/util/http/CookieProcessor.java b/java/org/apache/tomcat/util/http/CookieProcessor.java
index e0efbf1..19d7070 100644
--- a/java/org/apache/tomcat/util/http/CookieProcessor.java
+++ b/java/org/apache/tomcat/util/http/CookieProcessor.java
@@ -19,6 +19,7 @@ package org.apache.tomcat.util.http;
 import java.nio.charset.Charset;
 import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
 public interface CookieProcessor {
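Review bot: The push path in ApplicationPushBuilder passes a literal `null` request in `result.append(cookieProcessor.generateHeader(cookie, null));`, and nothing at this call site or in the interface Javadoc tells a CookieProcessor author that the request can be absent. A processor that reads a request header, which is the use case the new method is documented for, would throw NullPointerException on this path and on the one-argument overloads of LegacyCookieProcessor and Rfc6265CookieProcessor, which forward `null` as well. I would add a comment at this call, for example `// No request is passed: this value feeds the Cookie header of the pushed request, not a Set-Cookie header`, and state in the `@param request` text of CookieProcessor that the value may be null. The enclosing method starts outside the hunk.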
@@ -38,10 +39,42 @@ public interface CookieProcessor {
 *
 * @return The header value in a form that can be added directly to the
 * response
+ *
+ * @deprecated This method has been replaced with
+ * {@link #generateHeader(Cookie, HttpServletRequest)} and will
+ * be removed from Tomcat 10 onwards.
 */
+ @Deprecated
 String generateHeader(Cookie cookie);
 /**
+ * Generate the {@code Set-Cookie} HTTP header value for the given Cookie.
+ * This method receives as parameter the servlet request so that it can make
+ * decisions based on request properties. One such use-case is decide if the
+ * SameSite attribute should be added to the cookie based on the User-Agent
+ * or other request header because there are browser versions incompatible
+ * with the SameSite attribute. This is described by <a
+ * href="https://www.chromium.org/updates/same-site/incompatible-clients">the
+ * Chromium project</a>.
+ * <p>
+ * The default implementation calls the deprecated
+ * {@link #generateHeader(Cookie)} method. Implementors should not rely on
+ * this default method as it is present only for transitional compatibility
+ * and will be removed in Tomcat 10 at the same time as the
+ * {@link #generateHeader(Cookie)} method.
+ *
+ * @param request The servlet request
+ *
+ * @param cookie The cookie for which the header will be generated
+ *
+ * @return The header value in a form that can be added directly to the
+ * response
+ */
+ default String generateHeader(Cookie cookie, HttpServletRequest request) {
+ return generateHeader(cookie);
+ }
+
+ /**
 * Obtain the character set that will be used when converting between bytes
 * and characters when parsing and/or generating HTTP headers for cookies.
 *
diff --git a/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java b/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java
index 4f9ea2f..ca84541 100644
--- a/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java
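Review bot: The Javadoc on the new default method does not warn about a recursion trap: the default forwards to `generateHeader(Cookie)`, while the bundled processors in this commit implement `generateHeader(Cookie)` by forwarding to the two-argument form. A third-party processor that copies that forwarding without overriding the two-argument method would recurse until StackOverflowError, so a sentence such as `Implementations that delegate generateHeader(Cookie) to this method must override this method.` belongs in the description. Because the text points implementors at the User-Agent and other request headers, it should also say that those values are supplied by the client and may only be used to choose among fixed attribute values, never copied into the returned header value. The `@param` tags are listed as request then cookie, the reverse of the signature.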
+++ b/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java
@@ -23,6 +23,7 @@ import java.util.BitSet;
 import java.util.Date;
 import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
 import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
@@ -234,6 +235,13 @@ public final class LegacyCookieProcessor extends CookieProcessorBase {
 @Override
 public String generateHeader(Cookie cookie) {
+ return generateHeader(cookie, null);
+ }
+
+
+ @Override
+ public String generateHeader(Cookie cookie, HttpServletRequest request) {
+
 /*
 * The spec allows some latitude on when to send the version attribute
 * with a Set-Cookie header. To be nice to clients, we'll make sure the
diff --git a/java/org/apache/tomcat/util/http/Rfc6265CookieProcessor.java b/java/org/apache/tomcat/util/http/Rfc6265CookieProcessor.java
index 2021f3d..b0ff82f 100644
--- a/java/org/apache/tomcat/util/http/Rfc6265CookieProcessor.java
+++ b/java/org/apache/tomcat/util/http/Rfc6265CookieProcessor.java
@@ -22,6 +22,8 @@ import java.text.FieldPosition;
 import java.util.BitSet;
 import java.util.Date;
+import javax.servlet.http.HttpServletRequest;
+
 import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
 import org.apache.tomcat.util.buf.ByteChunk;
@@ -99,6 +101,12 @@ public class Rfc6265CookieProcessor extends CookieProcessorBase {
 @Override
 public String generateHeader(javax.servlet.http.Cookie cookie) {
+ return generateHeader(cookie, null);
+ }
+
+
+ @Override
+ public String generateHeader(javax.servlet.http.Cookie cookie, HttpServletRequest request) {
 // Can't use StringBuilder due to DateFormat
 StringBuffer header = new StringBuffer();
diff --git a/test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java b/test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java
index c9d4b65..ef0ffc9 100644
--- a/test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java
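Review bot: `generateHeader(Cookie cookie)` in LegacyCookieProcessor now overrides an interface method that this commit marks `@Deprecated`, but the override carries neither the annotation nor a `@deprecated` Javadoc tag, and the same holds for the one-argument override in Rfc6265CookieProcessor. Code that calls the method through the concrete class gets no deprecation signal, and lint tools may flag the override of a deprecated method. I would put `@Deprecated` above `@Override` on both one-argument methods. Whether the two-argument bodies read `request` at all cannot be seen here, because both bodies continue outside their hunks.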
+++ b/test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java
@@ -358,7 +358,7 @@ public class TestCookieProcessorGeneration {
 if (expected == null) {
 IllegalArgumentException e = null;
 try {
- cookieProcessor.generateHeader(cookie);
+ cookieProcessor.generateHeader(cookie, null);
 } catch (IllegalArgumentException iae) {
 e = iae;
 }
@@ -368,9 +368,9 @@ public class TestCookieProcessorGeneration {
 cookie.getMaxAge() > 0) {
 // Expires attribute will depend on time cookie is generated so
 // use a modified test
- Assert.assertTrue(cookieProcessor.generateHeader(cookie).startsWith(expected));
+ Assert.assertTrue(cookieProcessor.generateHeader(cookie, null).startsWith(expected));
 } else {
- Assert.assertEquals(expected, cookieProcessor.generateHeader(cookie));
+ Assert.assertEquals(expected, cookieProcessor.generateHeader(cookie, null));
 }
 }
 }
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index eeeecb3..00f5eb8 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -105,6 +105,12 @@ to the application without decoding it in addition to rejecting such sequences and decoding such sequences. (markt)
 </add>
+ <add>
+ Expose the associated <code>HttpServletRequest</code> to the
+ <code>CookieProcessor</code> when generating a cookie header so the
+ header can be tailored based on the properties of the request, such as
+ the user agent, if required. Based on a patch by Lazar Kirchev. (markt)
+ </add>
 </changelog>
 </subsection>
 <subsection name="Jasper">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
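Review bot: Every updated call in the two TestCookieProcessorGeneration hunks passes `null` as the request, so the suite never exercises a non-null HttpServletRequest and never checks that the interface's default `generateHeader(Cookie, HttpServletRequest)` falls back to the one-argument method. I would add one case that supplies a stub request to each bundled processor and asserts the expected header, and one case with a minimal CookieProcessor that implements only `generateHeader(Cookie)` to pin the transitional default. The enclosing test helper starts outside the first hunk.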