Hi Mark Thomas, Thanks a lot for the information. Answers for your question
In which context.xml file? The global one, the host one or a web application specific one? I have changed in global context.xml which is located in conf/context.xml. Regards, Abirami.S -----Original Message----- From: Mark Thomas <ma...@apache.org> Sent: Tuesday, June 9, 2020 1:50 PM To: users@tomcat.apache.org Subject: Re: Regarding context.xml changes impact other web service not deployed On 09/06/2020 06:59, S Abirami wrote: > Hi Team, > > In our product to address security vulnerability in context.xml, > we have introduced following entry > > <CookieProcessor sameSiteCookies="strict" /> In which context.xml file? The global one, the host one or a web application specific one? > After introducing the above line, I noticed few rest service which is not > deployed in that Tomcat also getting impact. I'd guess not a web application specific one the > Deployment Details > > Deployed : RHEL > Tomcat Installation format : tar.gz > > Hence, interested to know about the internal implementation of the context > in Tomcat to understand the impact. Global web.xml provides defaults for all web applications. Host level provides defaults for all web applications in a given host. Web application provides settings for just that web application. Don't add <Context .../> elements to server.xml Settings in more specific files take priority. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org