This is an automated email from the ASF dual-hosted git repository. jleroux pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/ofbiz-plugins.git
The following commit(s) were added to refs/heads/trunk by this push: new 7ae78c2e3 Fixed: Ensure that the SameSite attribute is set to 'strict' for all cookies. (CVE-2019-0235) (OFBIZ-11470) 7ae78c2e3 is described below commit 7ae78c2e3fd338683af3951f6da8bc5b418b0a6f Author: Jacques Le Roux <jacques.le.r...@les7arts.com> AuthorDate: Fri Sep 23 09:21:39 2022 +0200 Fixed: Ensure that the SameSite attribute is set to 'strict' for all cookies. (CVE-2019-0235) (OFBIZ-11470) I noticed while working on OFBIZ-11791 and after checking (it was 2 years ago) that I did not put the SameSiteFilter in ecomseo web.xml file. I think it's because I thought that ecomseo is duplicating ecommerce. But I forgot that it's not the case for the web.xml file --- ecommerce/webapp/ecomseo/WEB-INF/web.xml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/ecommerce/webapp/ecomseo/WEB-INF/web.xml b/ecommerce/webapp/ecomseo/WEB-INF/web.xml index 67eea60ec..121ffcb64 100644 --- a/ecommerce/webapp/ecomseo/WEB-INF/web.xml +++ b/ecommerce/webapp/ecomseo/WEB-INF/web.xml @@ -86,6 +86,11 @@ under the License. <param-value>/error:/control:/products:/select:/index.html:/index.jsp:/robots.txt:/default.html:/default.jsp:/images</param-value> </init-param> </filter> + <filter> + <display-name>SameSiteFilter</display-name> + <filter-name>SameSiteFilter</filter-name> + <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class> + </filter> <filter-mapping> <filter-name>ContextFilter</filter-name> <url-pattern>/*</url-pattern> 
@@ -102,7 +107,10 @@ under the License. <filter-name>SeoContextFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> - + <filter-mapping> + <filter-name>SameSiteFilter</filter-name> + <url-pattern>/*</url-pattern> + </filter-mapping> <listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener> <!-- NOTE: not all app servers support mounting implementations of the HttpSessionActivationListener interface --> <!-- <listener><listener-class>org.apache.ofbiz.webapp.control.ControlActivationEventListener</listener-class></listener> -->
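Review bot: the new `<filter>` block in the first hunk (`@@ -86,6 +86,11 @@`) declares `org.apache.ofbiz.webapp.control.SameSiteFilter` with no `<init-param>`, so the 'strict' value the commit title promises comes entirely from the filter's own default or from framework configuration, not from this web.xml; it would help to state in the commit message where that value is set, so a later reader of ecomseo's web.xml is not left wondering why the declaration carries no parameters while the neighbouring ContextFilter does. Given that this webapp was missed for two years (per the message, the assumption that ecomseo duplicates ecommerce did not hold for web.xml), consider adding a simple build-time check that every webapp's WEB-INF/web.xml declares the SameSiteFilter, so the CVE-2019-0235 mitigation cannot silently regress in another plugin webapp.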
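Review bot: in the second hunk (`@@ -102,7 +107,10 @@`) the SameSiteFilter `<filter-mapping>` is appended after the ContextFilter and SeoContextFilter mappings, and since the servlet container builds the filter chain in filter-mapping order, SameSiteFilter will run innermost, after those two filters. Please confirm this matches the position used in the ecommerce webapp's web.xml: any Set-Cookie header that an outer filter adds after its own `chain.doFilter` returns, or that is already committed before SameSiteFilter sees the response, would not receive the attribute. The hunk also replaces a blank line (`-`) with the mapping, which is fine; only the placement needs a second look.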