> Mark,
>
> On 11/8/19 11:54, Mark Thomas wrote:
>> +1 but please use debug. Tomcat generally doesn't use trace. The
>> expectation is that debug enables all logging.
>
> Really? I'm happy to use whatever you guys recommend, but this will do
> things like:
>
>log.debug("Generating new
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Konstantin,
On 11/8/19 09:35, Christopher Schultz wrote:
> On 11/7/19 15:20, Konstantin Kolinko wrote:
>> This reminds me: ClassLoaderLogManager allows each web
>> application to have its own configuration of logging. If you have
>> a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
All,
I'm playing with the CsrfPreventionFilter and things are working well
in the following situations:
link text
and
...
As long as the URL has been passed through request.encodeURL().
However, this one is causing me a problem:
...
This
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mark,
On 11/8/19 11:54, Mark Thomas wrote:
>> Konstantin,
>>
>> On 11/7/19 15:20, Konstantin Kolinko wrote:
>>> чт, 7 нояб. 2019 г. в 17:11, Christopher Schultz
>>> :
I'm using bin/catalina.sh start to launch Tomcat on Macos.
The
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
M,
On 11/8/19 10:40, M. Manna wrote:
> Interesting question.
>
> samesite attribute is also to protect cookies from possible
> cross-site attacks. Even if you have super domain cookies, using
> strict/lax shouldn't make any difference for you, or
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mark,
On 11/8/19 11:53, Mark Thomas wrote:
>> All,
>>
>> I'm looking at using "samesite" cookies within my application.
>> It looks as simple as setting the "sameSite" attribute
>> appropriately on the CookieProcessor for the , which
>> isn't
> Konstantin,
>
> On 11/7/19 15:20, Konstantin Kolinko wrote:
>> чт, 7 нояб. 2019 г. в 17:11, Christopher Schultz
>> :
>>>
>>> I'm using bin/catalina.sh start to launch Tomcat on Macos. The
>>> 'ps' command shows the following partial command-line:
>>>
>>> [...] -
>>>
> All,
>
> I'm looking at using "samesite" cookies within my application. It
> looks as simple as setting the "sameSite" attribute appropriately on
> the CookieProcessor for the , which isn't there in a default
> configuration. So you just have to add it:
>
>
>
>
>
>
>
> Cool, now my
On Fri, Nov 8, 2019 at 4:04 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> All,
>
> I'm looking at using "samesite" cookies within my application. It
> looks as simple as setting the "sameSite" attribute appropriately on
> the
Hey Chris,
Interesting question.
samesite attribute is also to protect cookies from possible cross-site
attacks. Even if you have super domain cookies, using strict/lax shouldn't
make any difference for you, or does it?
Thanks,
On Fri, 8 Nov 2019 at 15:04, Christopher Schultz <
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
All,
I'm looking at using "samesite" cookies within my application. It
looks as simple as setting the "sameSite" attribute appropriately on
the CookieProcessor for the , which isn't there in a default
configuration. So you just have to add it:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Konstantin,
On 11/7/19 15:20, Konstantin Kolinko wrote:
> чт, 7 нояб. 2019 г. в 17:11, Christopher Schultz
> :
>>
>> I'm using bin/catalina.sh start to launch Tomcat on Macos. The
>> 'ps' command shows the following partial command-line:
>>
>>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mark,
On 11/7/19 11:43, Mark Thomas wrote:
>> Mark,
>>
>> On 11/7/19 06:40, Mark Thomas wrote:
>>> On 06/11/2019 20:04, Mark Thomas wrote:
I've found the root cause.
When checking the timestamps of JSPs, the JSP engine (because
13 matches
Mail list logo