How do I enable SameSite for a web application running on WildFly AS? I checked standalone.xml but could not find an appropriate tag in it:

    <servlet-container name="default">
        <session-cookie http-only="true" secure="true"/>
        <jsp-config/>
    </servlet-container>
Posted on 2019-05-17 14:58:16

One workaround is to use another attribute (e.g. comment) to smuggle the SameSite setting into the cookie:

    <servlet-container name="default">
        <jsp-config/>
        <session-cookie comment="; SameSite=None"/>
        <websockets/>
    </servlet-container>
However, because Undertow quotes the comment (and other) values when version 0 or version 1 cookies are used, you need to run JBoss/WildFly with the io.undertow.cookie.DEFAULT_ENABLE_RFC6265_COOKIE_VALIDATION system property set to true:

    ./bin/standalone.sh -Dio.undertow.cookie.DEFAULT_ENABLE_RFC6265_COOKIE_VALIDATION=true

That gives you the desired result:

This approach is obviously hacky and relies entirely on Undertow implementation details, so I would recommend configuring it at the web server or load balancer level instead.
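Whichever workaround you pick, it is worth verifying the Set-Cookie header the server actually emits the way a browser reads it. The script below is an added example, not code from the original answer or from Undertow; the sample headers are constructed to imitate Undertow output and are assumptions, not captured traffic. It splits the header on ';' exactly as RFC 6265 section 5.2 prescribes, which also shows why the quoted-comment form fails: the closing quote ends up inside the SameSite value, so the attribute is ignored.

```python
"""Check a Set-Cookie header the way an RFC 6265 user agent reads it.

Added example (not from the original post). The sample headers below are
constructed to imitate what WildFly/Undertow might emit for the session
cookie under the workarounds discussed; they were not captured from a server.
"""
from dataclasses import dataclass, field
from typing import Dict, List

VALID_SAMESITE = {"strict", "lax", "none"}


@dataclass
class ParsedCookie:
    name: str
    value: str
    # attribute names lower-cased; value-less attributes (Secure, HttpOnly) map to ""
    attributes: Dict[str, str] = field(default_factory=dict)


def parse_set_cookie(header: str) -> ParsedCookie:
    """Split on ';' only, as RFC 6265 section 5.2 prescribes.

    Quotes mean nothing to a user agent here, so a quoted Comment such as
    Comment="; SameSite=None" is cut in two and the SameSite value keeps a
    stray quote character.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attributes: Dict[str, str] = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attributes[key.strip().lower()] = val.strip()
    return ParsedCookie(name.strip(), value.strip(), attributes)


def check_samesite(header: str) -> List[str]:
    """Return findings for one Set-Cookie header; an empty list means it passes."""
    cookie = parse_set_cookie(header)
    findings: List[str] = []
    mode = cookie.attributes.get("samesite")
    if mode is None:
        findings.append("no SameSite attribute; Chromium treats the cookie as Lax")
    elif mode.lower() not in VALID_SAMESITE:
        findings.append(f"SameSite value {mode!r} is not Strict/Lax/None and is ignored")
    elif mode.lower() == "none" and "secure" not in cookie.attributes:
        findings.append("SameSite=None without Secure; Chromium rejects the cookie")
    if "httponly" not in cookie.attributes:
        findings.append("HttpOnly missing")
    return findings


# Constructed sample headers (illustrative, not real server output).
GOOD_HEADER = "JSESSIONID=3f9c0a7e; Path=/app; Secure; HttpOnly; SameSite=None"
# The comment hack as it looks when Undertow quotes a version-1 cookie comment:
QUOTED_COMMENT_HEADER = (
    'JSESSIONID=3f9c0a7e; Version=1; Comment="; SameSite=None"; Path=/app; Secure; HttpOnly'
)
# SameSite=None emitted for a cookie that is not flagged Secure:
NO_SECURE_HEADER = "JSESSIONID=3f9c0a7e; Path=/app; HttpOnly; SameSite=None"


if __name__ == "__main__":
    for label, header in [("good", GOOD_HEADER),
                          ("quoted comment", QUOTED_COMMENT_HEADER),
                          ("no Secure", NO_SECURE_HEADER)]:
        print(f"{label}: {check_samesite(header) or 'ok'}")
```

Run it against the real thing with `curl -sI https://host/app/ | grep -i set-cookie` and feed each header line to `check_samesite`; an empty result for the session cookie is what you want before relying on cross-site requests.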
Posted on 2020-02-25 16:37:40

For the current latest version of Spring Boot:

If you do not have the latest spring-boot-starter-tomcat, check the SameSiteCookies enum for the value UNSET; if it is missing you need a newer version, because otherwise the value SameSite=None is skipped.
    import org.apache.catalina.Context;
    import org.apache.tomcat.util.http.Rfc6265CookieProcessor;
    import org.springframework.boot.web.embedded.tomcat.TomcatContextCustomizer;
    import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
    import org.springframework.boot.web.server.WebServerFactoryCustomizer;
    import org.springframework.stereotype.Component;

    @Component
    public class SameSiteTomcatCookieProcessorCustomizationBean
            implements WebServerFactoryCustomizer<TomcatServletWebServerFactory> {

        @Override
        public void customize(TomcatServletWebServerFactory server) {
            server.getTomcatContextCustomizers().add(new TomcatContextCustomizer() {
                @Override
                public void customize(Context context) {
                    // Rfc6265CookieProcessor appends "SameSite=<mode>" to every Set-Cookie
                    // header the context emits, including the JSESSIONID session cookie.
                    Rfc6265CookieProcessor cookieProcessor = new Rfc6265CookieProcessor();
                    cookieProcessor.setSameSiteCookies("None");
                    context.setCookieProcessor(cookieProcessor);
                }
            });
        }
    }
Posted on 2020-03-13 18:52:58

My workaround is a custom handler, which works on JBoss EAP 7.2. I use it as a global handler, but you can also use it in jboss-web.xml. You have to trick the cookie implementation, because Undertow only allows Strict or Lax as the same-site mode (if you call cookie.setSameSiteMode("None") it throws "UT000162: Same-site attribute None is invalid. It must be Strict or Lax").
    import io.undertow.server.HttpHandler;
    import io.undertow.server.HttpServerExchange;
    import io.undertow.server.handlers.Cookie;

    import java.lang.reflect.Proxy;
    import java.util.Map;

    public class CookieSameSiteHandler implements HttpHandler {

        private final HttpHandler next;

        public CookieSameSiteHandler(HttpHandler next) {
            this.next = next;
        }

        @Override
        public void handleRequest(final HttpServerExchange exchange) throws Exception {
            // Just before the response is committed, swap every response cookie for a
            // proxy that reports SameSite=None (and Secure) without going through
            // CookieImpl.setSameSiteMode, which rejects "None" on this Undertow version.
            exchange.addResponseCommitListener(serverExchange -> {
                Map<String, Cookie> cookies = serverExchange.getResponseCookies();
                for (Map.Entry<String, Cookie> responseCookie : cookies.entrySet()) {
                    // replace() of an existing key is not a structural modification,
                    // so iterating the entry set while doing it is safe.
                    cookies.replace(responseCookie.getKey(), proxyCookie(responseCookie.getValue()));
                }
            });
            next.handleRequest(exchange);
        }

        private Cookie proxyCookie(Cookie cookie) {
            return (Cookie) Proxy.newProxyInstance(
                    cookie.getClass().getClassLoader(),
                    cookie.getClass().getInterfaces(),
                    (proxy, method, args) -> {
                        // Tell the cookie writer that a same-site attribute is present.
                        if ("isSameSite".equals(method.getName())) {
                            return true;
                        }
                        // Only override cookies that did not set a mode themselves.
                        if ("getSameSiteMode".equals(method.getName()) && cookie.getSameSiteMode() == null) {
                            return "None";
                        }
                        // SameSite=None is only honoured by browsers together with Secure.
                        if ("isSecure".equals(method.getName()) && cookie.getSameSiteMode() == null) {
                            return true;
                        }
                        return method.invoke(cookie, args);
                    });
        }
    }
Handler configuration:

    <subsystem xmlns="urn:jboss:domain:undertow:7.0" default-virtual-host="default-host">
        <buffer-cache name="default"/>
        <server name="default-server" default-host="default-host">
            ...
            <host name="default-host" alias="localhost,example.com">
                ...
                <filter-ref name="cookiehandler"/>
                ...
            </host>
        </server>
        ...
        <filters>
            <filter class-name="nl.myownstuff.handler.CookieSameSiteHandler" module="nl.myownstuff.undertow" name="cookiehandler"/>
        </filters>
    </subsystem>
https://stackoverflow.com/questions/49697449