Hi Chris,
Thanks a lot for the hints!
Here is my PR: https://github.com/apache/tomcat/pull/452
Best Regards,
Polina
On Sat, Aug 28, 2021 at 12:52 AM Christopher Schultz <
ch...@christopherschultz.net> wrote:
> Polina,
>
> On 8/26/21 10:48, Polina Georgieva wrote
Hello,
Currently the RestCsrfPreventionFilter is responding with 403 response when
the csrf token sent in the request is different from the one stored in the
session.
However except the 403 response code visible in the http access log file,
there’s no indication what happened and why is the
we’ll consider it for our next major version. Meanwhile do you think
LegacyCookieProcessor could be changed to non final?
Best Regards,
Polina
On Wed, Jan 20, 2021 at 11:45 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:
> Polina,
>
> On 1/20/21 04:24, Polina Geor
Hi Chris,
>I'm curious: what customization do you need, here?
We’d like to override the generateHeader(Cookie cookie, HttpServletRequest
request) because we need to centrally handle the addition of the sameSite
cookie attribute of the session cookie as some old browser versions do not
support
Hello,
On our Tomcat 8 we are currently using
org.apache.tomcat.util.http.LegacyCookieProcessor and we need to override
its method generateHeader(Cookie cookie, HttpServletRequest request) to
handle sameSite cookie attribute in a custom way. However the
LegacyCookieProcessor class is final (not
Hi all,
Would you please clarify the compatibility restrictions (if any) between
the Apache Tomcat Native Lib and its dependencies on one hand and between
Apache Tomcat server and the native lib. My questions are based on the
information available here: http://tomcat.apache.org/native-doc/