authorAnton Tananaev <anton.tananaev@gmail.com>2020-09-05 15:52:45 -0700
committerAnton Tananaev <anton.tananaev@gmail.com>2020-09-05 15:52:45 -0700
commit03bd0f0d0945a80f5af19d06d37ff31a52d294ed (patch)
tree0412bafe5f785c2bba32730d0a8d7488558fd70d /src
parent0fbfe5160af67440c495ee1589b435a82e136e10 (diff)
Update SameSite configuration
Diffstat (limited to 'src')
-rw-r--r--src/main/java/org/traccar/config/Keys.java10
-rw-r--r--src/main/java/org/traccar/web/WebServer.java35
2 files changed, 32 insertions, 13 deletions
diff --git a/src/main/java/org/traccar/config/Keys.java b/src/main/java/org/traccar/config/Keys.java
index fd126a5c4..cd80e68c4 100644
--- a/src/main/java/org/traccar/config/Keys.java
+++ b/src/main/java/org/traccar/config/Keys.java
@@ -1,5 +1,5 @@
/*
- * Copyright 2019 Anton Tananaev (anton@traccar.org)
+ * Copyright 2019 - 2020 Anton Tananaev (anton@traccar.org)
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -430,11 +430,11 @@ public final class Keys {
"web.disableHealthCheck", Boolean.class);
/**
- * Fixes Chrome SameSite Cookie problem, only works on https
- * More info here https://wiki.shibboleth.net/confluence/display/DEV/Tomcat+and+Jetty+SameSite+Workarounds
+ * Sets SameSite cookie attribute value.
+ * Supported options: Lax, Strict, None.
*/
- public static final ConfigKey WEB_SAME_SITE_COOKIE_NONE = new ConfigKey(
- "web.sameSiteCookie.enable", Boolean.class);
+ public static final ConfigKey WEB_SAME_SITE_COOKIE = new ConfigKey(
+ "web.sameSiteCookie", String.class);
private Keys() {
}
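Review bot: The new Javadoc on WEB_SAME_SITE_COOKIE drops the HTTPS caveat the old text carried, yet choosing None still forces the Secure flag on the session cookie in WebServer (the same commit sets `setSecure(true)` in that branch), so over plain HTTP browsers will not return the cookie at all; suggest `* Supported options: Lax, Strict, None (None also marks the cookie Secure, so it only works over HTTPS).`. The key also changes from the boolean web.sameSiteCookie.enable to the string web.sameSiteCookie with no fallback for the old name, so an existing deployment that relied on the old key will silently lose SameSite=None after upgrading; a one-line migration note in the Javadoc or release notes would avoid that surprise. Since WebServer matches the value case-insensitively, the doc could say so as well.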
diff --git a/src/main/java/org/traccar/web/WebServer.java b/src/main/java/org/traccar/web/WebServer.java
index 3f2a24815..44d78cd27 100644
--- a/src/main/java/org/traccar/web/WebServer.java
+++ b/src/main/java/org/traccar/web/WebServer.java
@@ -15,6 +15,7 @@
*/
package org.traccar.web;
+import org.eclipse.jetty.http.HttpCookie;
import org.eclipse.jetty.http.HttpMethod;
import org.eclipse.jetty.http.HttpStatus;
import org.eclipse.jetty.proxy.AsyncProxyServlet;
@@ -45,6 +46,7 @@ import org.traccar.config.Keys;
import javax.servlet.DispatcherType;
import javax.servlet.ServletException;
+import javax.servlet.SessionCookieConfig;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.File;
@@ -76,12 +78,8 @@ public class WebServer {
ServletContextHandler servletHandler = new ServletContextHandler(ServletContextHandler.SESSIONS);
- int sessionTimeout = config.getInteger("web.sessionTimeout");
- if (sessionTimeout > 0) {
- servletHandler.getSessionHandler().setMaxInactiveInterval(sessionTimeout);
- }
-
initApi(config, servletHandler);
+ initSessionConfig(config, servletHandler);
if (config.getBoolean("web.console")) {
servletHandler.addServlet(new ServletHolder(new ConsoleServlet()), "/console/*");
@@ -167,10 +165,31 @@ public class WebServer {
SecurityRequestFilter.class, CorsResponseFilter.class, DateParameterConverterProvider.class);
resourceConfig.packages(ServerResource.class.getPackage().getName());
servletHandler.addServlet(new ServletHolder(new ServletContainer(resourceConfig)), "/api/*");
+ }
- if (config.getBoolean(Keys.WEB_SAME_SITE_COOKIE_NONE)) {
- servletHandler.getServletContext().getSessionCookieConfig().setSecure(true);
- servletHandler.getServletContext().getSessionCookieConfig().setComment("__SAME_SITE_NONE__");
+ private void initSessionConfig(Config config, ServletContextHandler servletHandler) {
+ int sessionTimeout = config.getInteger("web.sessionTimeout");
+ if (sessionTimeout > 0) {
+ servletHandler.getSessionHandler().setMaxInactiveInterval(sessionTimeout);
+ }
+
+ String sameSiteCookie = config.getString(Keys.WEB_SAME_SITE_COOKIE);
+ if (sameSiteCookie != null) {
+ SessionCookieConfig sessionCookieConfig = servletHandler.getServletContext().getSessionCookieConfig();
+ switch (sameSiteCookie.toLowerCase()) {
+ case "lax":
+ sessionCookieConfig.setComment(HttpCookie.SAME_SITE_LAX_COMMENT);
+ break;
+ case "strict":
+ sessionCookieConfig.setComment(HttpCookie.SAME_SITE_STRICT_COMMENT);
+ break;
+ case "none":
+ sessionCookieConfig.setSecure(true);
+ sessionCookieConfig.setComment(HttpCookie.SAME_SITE_NONE_COMMENT);
+ break;
+ default:
+ break;
+ }
}
}
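Review bot: The `default: break;` at the end of the new switch in initSessionConfig silently ignores any value that is not lax/strict/none, so a typo in web.sameSiteCookie leaves the session cookie with no SameSite attribute and nothing in the logs to show the setting was dropped; failing at startup is the safer choice, e.g. `default: throw new IllegalArgumentException("Unsupported web.sameSiteCookie value: " + sameSiteCookie);`. The comparison should also use a fixed locale, `switch (sameSiteCookie.toLowerCase(Locale.ROOT)) {` (needs a java.util.Locale import), because `toLowerCase()` depends on the JVM default locale. A short comment above the switch would help the next maintainer, since the `setComment(HttpCookie.SAME_SITE_*_COMMENT)` calls appear to work only because Jetty translates these reserved comment values into the SameSite attribute; something like `// Jetty maps these reserved cookie comment values to the SameSite attribute; None also requires Secure.`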