On 09/06/2020 06:59, S Abirami wrote:
> Hi Team,
>
> In our product to address security vulnerability in context.xml, we have
> introduced following entry
>
> <CookieProcessor sameSiteCookies="strict" />

In which context.xml file? The global one, the host one or a web
application specific one?

> After introducing the above line, I noticed few rest service which is not
> deployed in that Tomcat also getting impact.

I'd guess not a web application specific one

> Deployment Details
>
> Deployed : RHEL
> Tomcat Installation format : tar.gz
>
> Hence, interested to know about the internal implementation of the context
> in Tomcat to understand the impact.

Global web.xml provides defaults for all web applications.

Host level provides defaults for all web applications in a given host.

Web application provides settings for just that web application.

Don't add <Context .../> elements to server.xml

Settings in more specific files take priority.

Mark
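The scoping rule in the reply above can be checked on an installation with a short audit script; this is an added example, not part of the original message or of Tomcat's code. It assumes the standard file locations relative to CATALINA_BASE, and the function names, the engine/host names and the sample apps `api` and `shop` are constructed for illustration.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

def context_files(base, engine, host, app):
    """Context files for one app, least specific first (assumed standard locations)."""
    return [
        ("global", os.path.join(base, "conf", "context.xml")),
        ("host", os.path.join(base, "conf", engine, host, "context.xml.default")),
        ("webapp", os.path.join(base, "webapps", app, "META-INF", "context.xml")),
    ]

def same_site_by_scope(base, engine, host, app):
    """Return [(scope, value)] for each context file that declares a CookieProcessor."""
    found = []
    for scope, path in context_files(base, engine, host, app):
        if not os.path.isfile(path):
            continue
        for cp in ET.parse(path).getroot().iter("CookieProcessor"):
            found.append((scope, cp.get("sameSiteCookies")))
    return found

def effective_same_site(base, engine, host, app):
    """Most specific declaration wins, per the rule stated in the reply."""
    found = same_site_by_scope(base, engine, host, app)
    return found[-1] if found else (None, None)

def build_sample(base):
    """Constructed tree: 'strict' set globally, app 'api' overrides it with 'lax'."""
    files = {
        "conf/context.xml":
            '<Context><CookieProcessor sameSiteCookies="strict" /></Context>',
        "webapps/api/META-INF/context.xml":
            '<Context><CookieProcessor sameSiteCookies="lax" /></Context>',
        "webapps/shop/META-INF/context.xml": "<Context />",
    }
    for rel, body in files.items():
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)

def demo():
    with tempfile.TemporaryDirectory() as base:
        build_sample(base)
        return {app: effective_same_site(base, "Catalina", "localhost", app)
                for app in ("api", "shop")}

if __name__ == "__main__":
    for app, (scope, value) in demo().items():
        print(f"{app}: sameSiteCookies={value} (set in {scope} context file)")
```

In the constructed tree, `shop` never mentions a CookieProcessor yet still ends up with `strict`, which is the kind of unexpected reach the original question describes when the element is placed in the global file.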