From 0fbfe5160af67440c495ee1589b435a82e136e10 Mon Sep 17 00:00:00 2001 From: jcardus Date: Sat, 5 Sep 2020 23:28:13 +0100 Subject: Chrome Cross-Site Cookie (#4572) Chrome samesite cookie problem Co-authored-by: jcardus --- src/main/java/org/traccar/config/Keys.java | 7 +++++++ src/main/java/org/traccar/web/WebServer.java | 5 +++++ 2 files changed, 12 insertions(+) (limited to 'src/main/java/org') diff --git a/src/main/java/org/traccar/config/Keys.java b/src/main/java/org/traccar/config/Keys.java index fb32857d8..fd126a5c4 100644 --- a/src/main/java/org/traccar/config/Keys.java +++ b/src/main/java/org/traccar/config/Keys.java @@ -429,6 +429,13 @@ public final class Keys { public static final ConfigKey WEB_DISABLE_HEALTH_CHECK = new ConfigKey( "web.disableHealthCheck", Boolean.class); + /** + * Fixes Chrome SameSite Cookie problem, only works on https + * More info here https://wiki.shibboleth.net/confluence/display/DEV/Tomcat+and+Jetty+SameSite+Workarounds + */ + public static final ConfigKey WEB_SAME_SITE_COOKIE_NONE = new ConfigKey( + "web.sameSiteCookie.enable", Boolean.class); + private Keys() { } diff --git a/src/main/java/org/traccar/web/WebServer.java b/src/main/java/org/traccar/web/WebServer.java index 7f0ec53b6..3f2a24815 100644 --- a/src/main/java/org/traccar/web/WebServer.java +++ b/src/main/java/org/traccar/web/WebServer.java @@ -167,6 +167,11 @@ public class WebServer { SecurityRequestFilter.class, CorsResponseFilter.class, DateParameterConverterProvider.class); resourceConfig.packages(ServerResource.class.getPackage().getName()); servletHandler.addServlet(new ServletHolder(new ServletContainer(resourceConfig)), "/api/*"); + + if (config.getBoolean(Keys.WEB_SAME_SITE_COOKIE_NONE)) { + servletHandler.getServletContext().getSessionCookieConfig().setSecure(true); + servletHandler.getServletContext().getSessionCookieConfig().setComment("__SAME_SITE_NONE__"); + } } public void start() { -- cgit v1.2.3