aboutsummaryrefslogtreecommitdiff
path: root/src/main/java/org/traccar/web
diff options
context:
space:
mode:
authorAnton Tananaev <anton.tananaev@gmail.com>2020-09-05 15:52:45 -0700
committerAnton Tananaev <anton.tananaev@gmail.com>2020-09-05 15:52:45 -0700
commit03bd0f0d0945a80f5af19d06d37ff31a52d294ed (patch)
tree0412bafe5f785c2bba32730d0a8d7488558fd70d /src/main/java/org/traccar/web
parent0fbfe5160af67440c495ee1589b435a82e136e10 (diff)
downloadtrackermap-server-03bd0f0d0945a80f5af19d06d37ff31a52d294ed.tar.gz
trackermap-server-03bd0f0d0945a80f5af19d06d37ff31a52d294ed.tar.bz2
trackermap-server-03bd0f0d0945a80f5af19d06d37ff31a52d294ed.zip
Update SameSite configuration
Diffstat (limited to 'src/main/java/org/traccar/web')
-rw-r--r--src/main/java/org/traccar/web/WebServer.java35
1 files changed, 27 insertions, 8 deletions
diff --git a/src/main/java/org/traccar/web/WebServer.java b/src/main/java/org/traccar/web/WebServer.java
index 3f2a24815..44d78cd27 100644
--- a/src/main/java/org/traccar/web/WebServer.java
+++ b/src/main/java/org/traccar/web/WebServer.java
@@ -15,6 +15,7 @@
*/
package org.traccar.web;
+import org.eclipse.jetty.http.HttpCookie;
import org.eclipse.jetty.http.HttpMethod;
import org.eclipse.jetty.http.HttpStatus;
import org.eclipse.jetty.proxy.AsyncProxyServlet;
@@ -45,6 +46,7 @@ import org.traccar.config.Keys;
import javax.servlet.DispatcherType;
import javax.servlet.ServletException;
+import javax.servlet.SessionCookieConfig;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.File;
@@ -76,12 +78,8 @@ public class WebServer {
ServletContextHandler servletHandler = new ServletContextHandler(ServletContextHandler.SESSIONS);
- int sessionTimeout = config.getInteger("web.sessionTimeout");
- if (sessionTimeout > 0) {
- servletHandler.getSessionHandler().setMaxInactiveInterval(sessionTimeout);
- }
-
initApi(config, servletHandler);
+ initSessionConfig(config, servletHandler);
if (config.getBoolean("web.console")) {
servletHandler.addServlet(new ServletHolder(new ConsoleServlet()), "/console/*");
@@ -167,10 +165,31 @@ public class WebServer {
SecurityRequestFilter.class, CorsResponseFilter.class, DateParameterConverterProvider.class);
resourceConfig.packages(ServerResource.class.getPackage().getName());
servletHandler.addServlet(new ServletHolder(new ServletContainer(resourceConfig)), "/api/*");
+ }
- if (config.getBoolean(Keys.WEB_SAME_SITE_COOKIE_NONE)) {
- servletHandler.getServletContext().getSessionCookieConfig().setSecure(true);
- servletHandler.getServletContext().getSessionCookieConfig().setComment("__SAME_SITE_NONE__");
+ private void initSessionConfig(Config config, ServletContextHandler servletHandler) {
+ int sessionTimeout = config.getInteger("web.sessionTimeout");
+ if (sessionTimeout > 0) {
+ servletHandler.getSessionHandler().setMaxInactiveInterval(sessionTimeout);
+ }
+
+ String sameSiteCookie = config.getString(Keys.WEB_SAME_SITE_COOKIE);
+ if (sameSiteCookie != null) {
+ SessionCookieConfig sessionCookieConfig = servletHandler.getServletContext().getSessionCookieConfig();
+ switch (sameSiteCookie.toLowerCase()) {
+ case "lax":
+ sessionCookieConfig.setComment(HttpCookie.SAME_SITE_LAX_COMMENT);
+ break;
+ case "strict":
+ sessionCookieConfig.setComment(HttpCookie.SAME_SITE_STRICT_COMMENT);
+ break;
+ case "none":
+ sessionCookieConfig.setSecure(true);
+ sessionCookieConfig.setComment(HttpCookie.SAME_SITE_NONE_COMMENT);
+ break;
+ default:
+ break;
+ }
}
}