From 03bd0f0d0945a80f5af19d06d37ff31a52d294ed Mon Sep 17 00:00:00 2001
From: Anton Tananaev
Date: Sat, 5 Sep 2020 15:52:45 -0700
Subject: Update SameSite configuration

---
 src/main/java/org/traccar/config/Keys.java | 10 ++++----
 src/main/java/org/traccar/web/WebServer.java | 35 +++++++++++++++++++++-------
 2 files changed, 32 insertions(+), 13 deletions(-)

diff --git a/src/main/java/org/traccar/config/Keys.java b/src/main/java/org/traccar/config/Keys.java
index fd126a5c4..cd80e68c4 100644
--- a/src/main/java/org/traccar/config/Keys.java
+++ b/src/main/java/org/traccar/config/Keys.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019 Anton Tananaev (anton@traccar.org)
+ * Copyright 2019 - 2020 Anton Tananaev (anton@traccar.org)
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -430,11 +430,11 @@ public final class Keys {
 "web.disableHealthCheck", Boolean.class);
 
 /**
- * Fixes Chrome SameSite Cookie problem, only works on https
- * More info here https://wiki.shibboleth.net/confluence/display/DEV/Tomcat+and+Jetty+SameSite+Workarounds
+ * Sets SameSite cookie attribute value.
+ * Supported options: Lax, Strict, None.
 */
- public static final ConfigKey WEB_SAME_SITE_COOKIE_NONE = new ConfigKey(
- "web.sameSiteCookie.enable", Boolean.class);
+ public static final ConfigKey WEB_SAME_SITE_COOKIE = new ConfigKey(
+ "web.sameSiteCookie", String.class);
 
 private Keys() {
 }
diff --git a/src/main/java/org/traccar/web/WebServer.java b/src/main/java/org/traccar/web/WebServer.java
index 3f2a24815..44d78cd27 100644
--- a/src/main/java/org/traccar/web/WebServer.java
+++ b/src/main/java/org/traccar/web/WebServer.java
@@ -15,6 +15,7 @@
 */
 package org.traccar.web;
 
+import org.eclipse.jetty.http.HttpCookie;
 import org.eclipse.jetty.http.HttpMethod;
 import org.eclipse.jetty.http.HttpStatus;
 import org.eclipse.jetty.proxy.AsyncProxyServlet;
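Review bot: The rewritten javadoc for WEB_SAME_SITE_COOKIE drops the one operational caveat the old comment carried: the `none` option also forces the Secure flag on the session cookie (see the `case "none"` branch of initSessionConfig in this patch), so over plain HTTP the browser never returns the cookie and logins fail with nothing pointing at this setting. Suggest keeping that in the key's documentation, e.g. ` * Supported options: Lax, Strict, None. None also marks the cookie as Secure, so it only takes effect over HTTPS.`. The old key `web.sameSiteCookie.enable` is removed with no fallback, so deployments that relied on it silently lose the SameSite=None;Secure setting after upgrade; a compatibility mapping or a release note seems warranted unless the changelog already covers it.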
@@ -45,6 +46,7 @@ import org.traccar.config.Keys; import javax.servlet.DispatcherType; import javax.servlet.ServletException; +import javax.servlet.SessionCookieConfig; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.File; @@ -76,12 +78,8 @@ public class WebServer { ServletContextHandler servletHandler = new ServletContextHandler(ServletContextHandler.SESSIONS); - int sessionTimeout = config.getInteger("web.sessionTimeout"); - if (sessionTimeout > 0) { - servletHandler.getSessionHandler().setMaxInactiveInterval(sessionTimeout); - } - initApi(config, servletHandler); + initSessionConfig(config, servletHandler); if (config.getBoolean("web.console")) { servletHandler.addServlet(new ServletHolder(new ConsoleServlet()), "/console/*"); 
@@ -167,10 +165,31 @@ public class WebServer {
 SecurityRequestFilter.class, CorsResponseFilter.class, DateParameterConverterProvider.class);
 resourceConfig.packages(ServerResource.class.getPackage().getName());
 servletHandler.addServlet(new ServletHolder(new ServletContainer(resourceConfig)), "/api/*");
+ }
 
- if (config.getBoolean(Keys.WEB_SAME_SITE_COOKIE_NONE)) {
- servletHandler.getServletContext().getSessionCookieConfig().setSecure(true);
- servletHandler.getServletContext().getSessionCookieConfig().setComment("__SAME_SITE_NONE__");
+ private void initSessionConfig(Config config, ServletContextHandler servletHandler) {
+ int sessionTimeout = config.getInteger("web.sessionTimeout");
+ if (sessionTimeout > 0) {
+ servletHandler.getSessionHandler().setMaxInactiveInterval(sessionTimeout);
+ }
+
+ String sameSiteCookie = config.getString(Keys.WEB_SAME_SITE_COOKIE);
+ if (sameSiteCookie != null) {
+ SessionCookieConfig sessionCookieConfig = servletHandler.getServletContext().getSessionCookieConfig();
+ switch (sameSiteCookie.toLowerCase()) {
+ case "lax":
+ sessionCookieConfig.setComment(HttpCookie.SAME_SITE_LAX_COMMENT);
+ break;
+ case "strict":
+ sessionCookieConfig.setComment(HttpCookie.SAME_SITE_STRICT_COMMENT);
+ break;
+ case "none":
+ sessionCookieConfig.setSecure(true);
+ sessionCookieConfig.setComment(HttpCookie.SAME_SITE_NONE_COMMENT);
+ break;
+ default:
+ break;
+ }
 }
 }
 
-- 
cgit v1.2.3
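Review bot: The `default: break;` arm of the switch in initSessionConfig silently ignores any unrecognised `web.sameSiteCookie` value, so a typo leaves the session cookie with no SameSite attribute (and, when `none` was intended, without the Secure flag) and nothing tells the operator; failing fast is safer here, e.g. `default: throw new IllegalArgumentException("Unsupported web.sameSiteCookie value: " + sameSiteCookie);`. `sameSiteCookie.toLowerCase()` is also locale-sensitive (an uppercase I in `STRICT` lowercases to a dotless ı under a Turkish default locale and then matches nothing), so prefer `switch (sameSiteCookie.toLowerCase(Locale.ROOT))` with `java.util.Locale` imported. As a point of style, the session timeout is still read through the bare string `"web.sessionTimeout"` while the SameSite setting goes through a Keys constant; declaring a matching key in Keys would keep the new method consistent with itself.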