On 11/06/2020 16:09, S Abirami wrote: > Hi Mark, > > We don't have concern regarding the restart of tomcat for the changes in > context.xml. As our web application is mainly used to launch only the > standalone application. > I have updated Cookieprocessor entry under the context tag in server.xml > specific to the application context path and it is working fine.
OK. > But, I could see that tenable detects that all other web application also has > the SameSite attribute even though I have mentioned only in the specific > application context. > It is really surprising me . But, contrast ZAP tool reports for other > application it doesn't have SameSite attribute. Sounds like you need to report a bug to tenable. Mark > > > Regards, > Abirami.S > > -----Original Message----- > From: Mark Thomas <ma...@apache.org> > Sent: Thursday, June 11, 2020 8:19 PM > To: Tomcat Users List <users@tomcat.apache.org> > Subject: RE: context.xml under META-INF was not working > > On June 11, 2020 2:32:51 PM UTC, S Abirami <s.abir...@ericsson.com.INVALID> > wrote: >> Hi Mark, >> >> We are using Apache Tomcat 9.0.33. >> I am not seeing any exception regarding it. > > That isn't what I asked. I asked for the log messages . > > Fortunately, you have provided the information I was looking for below. > >> In our application the web-application will not be located under the >> CATALINA_HOME/webapps location. >> We placed in other location and mentioned the path in context tag with >> attributes path and docBase in server.xml . > > It is strongly recommended you don't define Context elements in server.xml as > they only way to change them us to restart Tomcat. > >> Here ,we mentioned the >> deployOnStartUp as false. >> Hence, I have created META-INF directory under the App_folder and >> created the context.xml and MANIFEST.MF files. > > That won't work. The Context element in server.xml will be used. Either edit > the Context in server.xml or, better, move the Context definitions to > $CATALINA_BASE/conf/<engine name>/<host name>/ > > Mark > >> >> Regarding logs, I could see only the below messages >> >> WARNING: Match [Server/Service/Engine/Host/Context] failed to set >> property [antiJARLocking] to [false] >> WARNING: Match [Context/Manager] failed to set property [randomClass] >> to [java.security.SecureRandom] >> SEVERE: Unknown default host [localhost] for service >> [StandardService[Catalina]]. Tomcat will not be able process HTTP/1.0 >> requests that do not specify a host name. >> >> >> Regards, >> Abirami.S >> >> -----Original Message----- >> From: Mark Thomas <ma...@apache.org> >> Sent: Thursday, June 11, 2020 7:27 PM >> To: users@tomcat.apache.org >> Subject: Re: context.xml under META-INF was not working >> >> On 11/06/2020 12:46, S Abirami wrote: >>> Hi Mark, >>> >>> The below is the content of the context.xml >>> >>> <?xml version="1.0" encoding="UTF-8"?> <Context> <CookieProcessor >>> sameSiteCookies="strict"/> </Context> >> >> That looks OK. >> >> What Tomcat version are you using? >> >> What do the logs say when the application is deployed? That will tell >> you where it is being deployed from which might suggest why that file >> isn't taking effect. >> >> Mark >> >> >>> >>> Regards, >>> Abirami.S >>> -----Original Message----- >>> From: Mark Thomas <ma...@apache.org> >>> Sent: Thursday, June 11, 2020 5:12 PM >>> To: users@tomcat.apache.org >>> Subject: Re: context.xml under META-INF was not working >>> >>> On 11/06/2020 11:42, S Abirami wrote: >>>> Hi All, >>>> >>>> I want to configure SameSite attribute to the specific >> web-application. >>>> For that, I have updated the context.xml of specific web application >> >>>> located in <App_Folder>/META-INF/context.xml >>>> >>>> <CookieProcessor sameSiteCookies="strict"/> >>>> >>>> >>>> It is not working. Only the changes in global context.xml is >> working. Please guide to solve the issue. >>> >>> What is the full contents of <App_Folder>/META-INF/context.xml >>> >>> Mark >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>> For additional commands, e-mail: users-h...@tomcat.apache.org >>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>> For additional commands, e-mail: users-h...@tomcat.apache.org >>> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org