如何在 Tomcat 的 Cookie Processor 中设置 SameSite Cookie? [英] How to set SameSite Cookie in Tomcat's Cookie Processor?
问题描述
Tomcat 的 context.xml 定义了 CookieProcessor(默认 LegacyCookieProcessor)
Tomcat's context.xml defines CookieProcessor (default LegacyCookieProcessor)
https://tomcat.apache.org/tomcat-9.0-doc/config/cookie-processor.html
我正在尝试添加显示在 cookie 处理器上的属性,但这似乎不起作用
I'm trying to add attribute(s) shown on cookie processor, however that doesn't seems to be working
我没有看到设置了 sameSite 属性的 Tomcat 响应头 cookie
I don't see Tomcat's response header cookie with sameSite attribute being set
推荐答案
在您的 Web 应用程序中,在 META-INF 文件夹内创建一个包含此内容的 context.xml 文件.
In your web application, inside the META-INF folder create a context.xml file with this inside.
<Context>
<CookieProcessor sameSiteCookies="strict" />
</Context>
如果您已有 context.xml 文件,则只需添加 CookieProcessor 元素.
If you already have a context.xml file, you just need to add the CookieProcessor element.
如果您需要将属性设置为none",则自 Tomcat 9.0.21 和 8.5.42 或 9.0.28 和 8.5.48 起,此行为是可能的.
This behavior is possible since Tomcat 9.0.21 and 8.5.42, or 9.0.28 and 8.5.48 if you need to set the attribute to "none".
于 2019 年 5 月 20 日通过拉取请求合并到 Tomcat master 162
Merged into Tomcat master on 20th of May 2019 with pull request 162
这篇关于如何在 Tomcat 的 Cookie Processor 中设置 SameSite Cookie?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!