aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjcardus <joaquim.cardeira@gmail.com>2020-09-05 23:28:13 +0100
committerGitHub <noreply@github.com>2020-09-05 15:28:13 -0700
commit0fbfe5160af67440c495ee1589b435a82e136e10 (patch)
tree0ea592b8b7f0a109c9330543e29ac76c06e6e6b5
parent67f2deee344a508e26370cb7fb91c3f76fcaa521 (diff)
downloadtraccar-server-0fbfe5160af67440c495ee1589b435a82e136e10.tar.gz
traccar-server-0fbfe5160af67440c495ee1589b435a82e136e10.tar.bz2
traccar-server-0fbfe5160af67440c495ee1589b435a82e136e10.zip
Chrome Cross-Site Cookie (#4572)
Chrome samesite cookie problem Co-authored-by: jcardus <joaquim.cardeira@inosat.pt>
-rw-r--r--src/main/java/org/traccar/config/Keys.java7
-rw-r--r--src/main/java/org/traccar/web/WebServer.java5
2 files changed, 12 insertions, 0 deletions
diff --git a/src/main/java/org/traccar/config/Keys.java b/src/main/java/org/traccar/config/Keys.java
index fb32857d8..fd126a5c4 100644
--- a/src/main/java/org/traccar/config/Keys.java
+++ b/src/main/java/org/traccar/config/Keys.java
@@ -429,6 +429,13 @@ public final class Keys {
public static final ConfigKey WEB_DISABLE_HEALTH_CHECK = new ConfigKey(
"web.disableHealthCheck", Boolean.class);
+ /**
+ * Fixes Chrome SameSite Cookie problem, only works on https
+ * More info here https://wiki.shibboleth.net/confluence/display/DEV/Tomcat+and+Jetty+SameSite+Workarounds
+ */
+ public static final ConfigKey WEB_SAME_SITE_COOKIE_NONE = new ConfigKey(
+ "web.sameSiteCookie.enable", Boolean.class);
+
private Keys() {
}
diff --git a/src/main/java/org/traccar/web/WebServer.java b/src/main/java/org/traccar/web/WebServer.java
index 7f0ec53b6..3f2a24815 100644
--- a/src/main/java/org/traccar/web/WebServer.java
+++ b/src/main/java/org/traccar/web/WebServer.java
@@ -167,6 +167,11 @@ public class WebServer {
SecurityRequestFilter.class, CorsResponseFilter.class, DateParameterConverterProvider.class);
resourceConfig.packages(ServerResource.class.getPackage().getName());
servletHandler.addServlet(new ServletHolder(new ServletContainer(resourceConfig)), "/api/*");
+
+ if (config.getBoolean(Keys.WEB_SAME_SITE_COOKIE_NONE)) {
+ servletHandler.getServletContext().getSessionCookieConfig().setSecure(true);
+ servletHandler.getServletContext().getSessionCookieConfig().setComment("__SAME_SITE_NONE__");
+ }
}
public void start() {