authorAnton Tananaev <anton.tananaev@gmail.com>2020-09-05 15:52:45 -0700
committerAnton Tananaev <anton.tananaev@gmail.com>2020-09-05 15:52:45 -0700
commit03bd0f0d0945a80f5af19d06d37ff31a52d294ed (patch)
tree0412bafe5f785c2bba32730d0a8d7488558fd70d /src/main/java/org/traccar/web
parent0fbfe5160af67440c495ee1589b435a82e136e10 (diff)
Update SameSite configuration
Diffstat (limited to 'src/main/java/org/traccar/web')
-rw-r--r--src/main/java/org/traccar/web/WebServer.java35
1 files changed, 27 insertions, 8 deletions
diff --git a/src/main/java/org/traccar/web/WebServer.java b/src/main/java/org/traccar/web/WebServer.java
index 3f2a24815..44d78cd27 100644
--- a/src/main/java/org/traccar/web/WebServer.java
+++ b/src/main/java/org/traccar/web/WebServer.java
@@ -15,6 +15,7 @@
*/
package org.traccar.web;
+import org.eclipse.jetty.http.HttpCookie;
import org.eclipse.jetty.http.HttpMethod;
import org.eclipse.jetty.http.HttpStatus;
import org.eclipse.jetty.proxy.AsyncProxyServlet;
@@ -45,6 +46,7 @@ import org.traccar.config.Keys;
import javax.servlet.DispatcherType;
import javax.servlet.ServletException;
+import javax.servlet.SessionCookieConfig;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.File;
@@ -76,12 +78,8 @@ public class WebServer {
ServletContextHandler servletHandler = new ServletContextHandler(ServletContextHandler.SESSIONS);
- int sessionTimeout = config.getInteger("web.sessionTimeout");
- if (sessionTimeout > 0) {
- servletHandler.getSessionHandler().setMaxInactiveInterval(sessionTimeout);
- }
-
initApi(config, servletHandler);
+ initSessionConfig(config, servletHandler);
if (config.getBoolean("web.console")) {
servletHandler.addServlet(new ServletHolder(new ConsoleServlet()), "/console/*");
@@ -167,10 +165,31 @@ public class WebServer {
SecurityRequestFilter.class, CorsResponseFilter.class, DateParameterConverterProvider.class);
resourceConfig.packages(ServerResource.class.getPackage().getName());
servletHandler.addServlet(new ServletHolder(new ServletContainer(resourceConfig)), "/api/*");
+ }
- if (config.getBoolean(Keys.WEB_SAME_SITE_COOKIE_NONE)) {
- servletHandler.getServletContext().getSessionCookieConfig().setSecure(true);
- servletHandler.getServletContext().getSessionCookieConfig().setComment("__SAME_SITE_NONE__");
+ private void initSessionConfig(Config config, ServletContextHandler servletHandler) {
+ int sessionTimeout = config.getInteger("web.sessionTimeout");
+ if (sessionTimeout > 0) {
+ servletHandler.getSessionHandler().setMaxInactiveInterval(sessionTimeout);
+ }
+
+ String sameSiteCookie = config.getString(Keys.WEB_SAME_SITE_COOKIE);
+ if (sameSiteCookie != null) {
+ SessionCookieConfig sessionCookieConfig = servletHandler.getServletContext().getSessionCookieConfig();
+ switch (sameSiteCookie.toLowerCase()) {
+ case "lax":
+ sessionCookieConfig.setComment(HttpCookie.SAME_SITE_LAX_COMMENT);
+ break;
+ case "strict":
+ sessionCookieConfig.setComment(HttpCookie.SAME_SITE_STRICT_COMMENT);
+ break;
+ case "none":
+ sessionCookieConfig.setSecure(true);
+ sessionCookieConfig.setComment(HttpCookie.SAME_SITE_NONE_COMMENT);
+ break;
+ default:
+ break;
+ }
}
}
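Review bot: The `default:` branch of the switch in initSessionConfig silently ignores an unrecognised `Keys.WEB_SAME_SITE_COOKIE` value, so a typo in the configuration leaves the session cookie with no SameSite attribute and the operator gets no signal. Failing fast would make the misconfiguration visible, e.g. `default: throw new IllegalArgumentException("Unsupported SameSite value: " + sameSiteCookie);` (or a logged warning if startup must not abort). The match is also locale-sensitive: under a Turkish default locale `"STRICT".toLowerCase()` does not produce `strict`, so `switch (sameSiteCookie.toLowerCase(Locale.ROOT))` with a `java.util.Locale` import is safer. Only the `none` case calls `setSecure(true)`; whether the Secure flag is set elsewhere for HTTPS deployments using `lax` or `strict` is not visible in this hunk.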