This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push: new d229dd6 Add SameSite=strict for cookies from /examples d229dd6 is described below commit d229dd6f481714bd95f6e20686c723f802b7a793 Author: Mark Thomas <ma...@apache.org> AuthorDate: Tue Nov 10 09:54:36 2020 +0000 Add SameSite=strict for cookies from /examples --- webapps/docs/changelog.xml | 5 +++++ webapps/examples/META-INF/context.xml | 21 +++++++++++++++++++++ 2 files changed, 26 insertions(+) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 02a5019..9f4e3cd 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -123,6 +123,11 @@ <bug>64797</bug>: Align manager.xml template file in Host-Manager with context.xml of real Manager web application. (isapir) </fix> + <add> + Configure the examples web applications to set + <code>SameSite=strict</code> for all cookies, including session cookies, + created by the application. (markt) + </add> </changelog> </subsection> <subsection name="Other"> diff --git a/webapps/examples/META-INF/context.xml b/webapps/examples/META-INF/context.xml new file mode 100644 index 0000000..b388b2a --- /dev/null +++ b/webapps/examples/META-INF/context.xml 
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<Context antiResourceLocking="false" privileged="true" >
+ <CookieProcessor className="org.apache.tomcat.util.http.Rfc6265CookieProcessor"
+ sameSiteCookies="strict" />
+</Context>
--------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
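Review bot: `privileged="true"` on the new `<Context>` element is not needed to configure a cookie processor, and it lets the examples application use container servlets such as the manager servlet, which is more than sample code should be granted. The attributes look carried over from another application's context.xml rather than required here; unless the examples depend on container servlets, the opening tag could be just `<Context>`, since `antiResourceLocking="false"` is already the default. A short XML comment above `<CookieProcessor>` would also help, stating that `sameSiteCookies="strict"` applies to every cookie the application creates, session cookies included, so requests arriving from another site carry no session.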