This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch release17.12 in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git The following commit(s) were added to refs/heads/release17.12 by this push: new 82ef7a5 Fixed: Ensure that the SameSite attribute is set to 'strict' for all cookies. 82ef7a5 is described below commit 82ef7a58713607010bbc4c946068516306c9c03e Author: Jacques Le Roux <[hidden email]> AuthorDate: Fri Mar 20 17:50:17 2020 +0100 Fixed: Ensure that the SameSite attribute is set to 'strict' for all cookies. (OFBIZ-11470) As reported by OWASP ZAP: A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. The SameSite attribute is an effective countermeasure to cross-site request forgery, cross-site script inclusion, and timing attacks. The solution was not obvious in OFBiz for 2 reasons: 1. There is no HttpServletResponse::setHeader. So we need to use a filter (SameSiteFilter) and even that is not enough because of 2: 2. To prevent session fixation we force Tomcat to generate a new jsessionId, ultimately put in a cookie, in LoginWorker::login. So we need to add a call to SameSiteFilter::addSameSiteCookieAttribute in UtilHttp::setResponseBrowserDefaultSecurityHeaders. 
--- applications/accounting/webapp/accounting/WEB-INF/web.xml | 9 +++++++++ applications/accounting/webapp/ap/WEB-INF/web.xml | 9 +++++++++ applications/accounting/webapp/ar/WEB-INF/web.xml | 9 +++++++++ applications/commonext/webapp/ofbizsetup/WEB-INF/web.xml | 9 +++++++++ applications/content/webapp/content/WEB-INF/web.xml | 9 +++++++++ applications/humanres/webapp/humanres/WEB-INF/web.xml | 9 +++++++++ applications/manufacturing/webapp/manufacturing/WEB-INF/web.xml | 9 +++++++++ applications/marketing/webapp/sfa/WEB-INF/web.xml | 9 +++++++++ applications/order/webapp/ordermgr/WEB-INF/web.xml | 9 +++++++++ applications/product/webapp/catalog/WEB-INF/web.xml | 9 +++++++++ applications/product/webapp/facility/WEB-INF/web.xml | 9 +++++++++ applications/workeffort/webapp/ical/WEB-INF/web.xml | 9 +++++++++ applications/workeffort/webapp/workeffort/WEB-INF/web.xml | 9 +++++++++ .../base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java | 3 +++ framework/resources/templates/web.xml | 6 ++++++ framework/webtools/webapp/webtools/WEB-INF/web.xml | 9 +++++++++ 16 files changed, 135 insertions(+)
diff --git a/applications/accounting/webapp/accounting/WEB-INF/web.xml b/applications/accounting/webapp/accounting/WEB-INF/web.xml
index b792337..261c958 100644
--- a/applications/accounting/webapp/accounting/WEB-INF/web.xml
+++ b/applications/accounting/webapp/accounting/WEB-INF/web.xml
@@ -62,6 +62,11 @@ under the License.
 <filter-name>ContextFilter</filter-name>
 <filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
 </filter>
+ <filter>
+ <display-name>SameSiteFilter</display-name>
+ <filter-name>SameSiteFilter</filter-name>
+ <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+ </filter>
 <filter-mapping>
 <filter-name>ControlFilter</filter-name>
 <url-pattern>/*</url-pattern>
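Review bot: The new SameSiteFilter is mapped after ControlFilter and ContextFilter and therefore runs innermost in the chain, and whether that is enough depends on whether the filter rewrites `Set-Cookie` on the way in or only after `chain.doFilter` returns; the commit message's remark that the filter alone missed the regenerated session cookie suggests the former, in which case any cookie the controller adds later in the request is still emitted without the attribute and the extra call in UtilHttp covers only the paths that reach setResponseBrowserDefaultSecurityHeaders. Rewriting the headers once the chain has returned, or wrapping the response, would cover every cookie in one place and make the UtilHttp call unnecessary. The same `<filter>` and `<filter-mapping>` blocks are copied by hand into the fifteen other web.xml files of this commit, so a webapp missing from that list, or one created later from an old copy rather than from framework/resources/templates/web.xml, keeps sending cookies without the attribute. A comment above the new `<filter>` element, in this file and the others, would protect the next copy-paste: `<!-- OFBIZ-11470: adds the SameSite attribute to every Set-Cookie header; keep this filter mapped on /* in every webapp's web.xml -->`.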
@@ -70,6 +75,10 @@ under the License. <filter-name>ContextFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> + <filter-mapping> + <filter-name>SameSiteFilter</filter-name> + <url-pattern>/*</url-pattern> + </filter-mapping> <listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener> <listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener> diff --git a/applications/accounting/webapp/ap/WEB-INF/web.xml b/applications/accounting/webapp/ap/WEB-INF/web.xml index 0f12f57..87b17f1 100644 --- a/applications/accounting/webapp/ap/WEB-INF/web.xml +++ b/applications/accounting/webapp/ap/WEB-INF/web.xml @@ -58,6 +58,11 @@ under the License. <filter-name>ContextFilter</filter-name> <filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class> </filter> + <filter> + <display-name>SameSiteFilter</display-name> + <filter-name>SameSiteFilter</filter-name> + <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class> + </filter> <filter-mapping> <filter-name>ControlFilter</filter-name> <url-pattern>/*</url-pattern> @@ -66,6 +71,10 @@ under the License. <filter-name>ContextFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> + <filter-mapping> + <filter-name>SameSiteFilter</filter-name> + <url-pattern>/*</url-pattern> + </filter-mapping> <listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener> <listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener> <!-- NOTE: not all app servers support mounting implementations of the HttpSessionActivationListener interface --> diff --git a/applications/accounting/webapp/ar/WEB-INF/web.xml b/applications/accounting/webapp/ar/WEB-INF/web.xml index 23c89e6..1a43089 100644 --- a/applications/accounting/webapp/ar/WEB-INF/web.xml +++ b/applications/accounting/webapp/ar/WEB-INF/web.xml 
@@ -62,6 +62,11 @@ under the License. <filter-name>ContextFilter</filter-name> <filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class> </filter> + <filter> + <display-name>SameSiteFilter</display-name> + <filter-name>SameSiteFilter</filter-name> + <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class> + </filter> <filter-mapping> <filter-name>ControlFilter</filter-name> <url-pattern>/*</url-pattern> @@ -70,6 +75,10 @@ under the License. <filter-name>ContextFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> + <filter-mapping> + <filter-name>SameSiteFilter</filter-name> + <url-pattern>/*</url-pattern> + </filter-mapping> <listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener> <listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener> diff --git a/applications/commonext/webapp/ofbizsetup/WEB-INF/web.xml b/applications/commonext/webapp/ofbizsetup/WEB-INF/web.xml index 9691cea..7528937 100644 --- a/applications/commonext/webapp/ofbizsetup/WEB-INF/web.xml +++ b/applications/commonext/webapp/ofbizsetup/WEB-INF/web.xml @@ -57,6 +57,11 @@ <filter-name>ContextFilter</filter-name> <filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class> </filter> + <filter> + <display-name>SameSiteFilter</display-name> + <filter-name>SameSiteFilter</filter-name> + <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class> + </filter> <filter-mapping> <filter-name>ControlFilter</filter-name> <url-pattern>/*</url-pattern> 
@@ -65,6 +70,10 @@ <filter-name>ContextFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> + <filter-mapping> + <filter-name>SameSiteFilter</filter-name> + <url-pattern>/*</url-pattern> + </filter-mapping> <listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener> <listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener> diff --git a/applications/content/webapp/content/WEB-INF/web.xml b/applications/content/webapp/content/WEB-INF/web.xml index d271674..fb2b0d0 100644 --- a/applications/content/webapp/content/WEB-INF/web.xml +++ b/applications/content/webapp/content/WEB-INF/web.xml @@ -62,6 +62,11 @@ under the License. <filter-name>ContextFilter</filter-name> <filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class> </filter> + <filter> + <display-name>SameSiteFilter</display-name> + <filter-name>SameSiteFilter</filter-name> + <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class> + </filter> <filter-mapping> <filter-name>ControlFilter</filter-name> <url-pattern>/*</url-pattern> @@ -70,6 +75,10 @@ under the License. <filter-name>ContextFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> + <filter-mapping> + <filter-name>SameSiteFilter</filter-name> + <url-pattern>/*</url-pattern> + </filter-mapping> <listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener> <listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener> diff --git a/applications/humanres/webapp/humanres/WEB-INF/web.xml b/applications/humanres/webapp/humanres/WEB-INF/web.xml index d4d9e74..530b64b 100644 --- a/applications/humanres/webapp/humanres/WEB-INF/web.xml +++ b/applications/humanres/webapp/humanres/WEB-INF/web.xml 
@@ -57,6 +57,11 @@ under the License. <filter-name>ContextFilter</filter-name> <filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class> </filter> + <filter> + <display-name>SameSiteFilter</display-name> + <filter-name>SameSiteFilter</filter-name> + <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class> + </filter> <filter-mapping> <filter-name>ControlFilter</filter-name> <url-pattern>/*</url-pattern> @@ -65,6 +70,10 @@ under the License. <filter-name>ContextFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> + <filter-mapping> + <filter-name>SameSiteFilter</filter-name> + <url-pattern>/*</url-pattern> + </filter-mapping> <listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener> <listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener> diff --git a/applications/manufacturing/webapp/manufacturing/WEB-INF/web.xml b/applications/manufacturing/webapp/manufacturing/WEB-INF/web.xml index 25e6f15..67ea6e9 100644 --- a/applications/manufacturing/webapp/manufacturing/WEB-INF/web.xml +++ b/applications/manufacturing/webapp/manufacturing/WEB-INF/web.xml @@ -62,6 +62,11 @@ under the License. <filter-name>ContextFilter</filter-name> <filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class> </filter> + <filter> + <display-name>SameSiteFilter</display-name> + <filter-name>SameSiteFilter</filter-name> + <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class> + </filter> <filter-mapping> <filter-name>ControlFilter</filter-name> <url-pattern>/*</url-pattern> 
@@ -70,6 +75,10 @@ under the License. <filter-name>ContextFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> + <filter-mapping> + <filter-name>SameSiteFilter</filter-name> + <url-pattern>/*</url-pattern> + </filter-mapping> <listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener> <listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener> diff --git a/applications/marketing/webapp/sfa/WEB-INF/web.xml b/applications/marketing/webapp/sfa/WEB-INF/web.xml index 638e06a..34098bf 100644 --- a/applications/marketing/webapp/sfa/WEB-INF/web.xml +++ b/applications/marketing/webapp/sfa/WEB-INF/web.xml @@ -57,6 +57,11 @@ under the License. <filter-name>ContextFilter</filter-name> <filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class> </filter> + <filter> + <display-name>SameSiteFilter</display-name> + <filter-name>SameSiteFilter</filter-name> + <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class> + </filter> <filter-mapping> <filter-name>ControlFilter</filter-name> <url-pattern>/*</url-pattern> @@ -65,6 +70,10 @@ under the License. <filter-name>ContextFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> + <filter-mapping> + <filter-name>SameSiteFilter</filter-name> + <url-pattern>/*</url-pattern> + </filter-mapping> <listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener> <listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener> diff --git a/applications/order/webapp/ordermgr/WEB-INF/web.xml b/applications/order/webapp/ordermgr/WEB-INF/web.xml index 41265cc..cf3294b 100644 --- a/applications/order/webapp/ordermgr/WEB-INF/web.xml +++ b/applications/order/webapp/ordermgr/WEB-INF/web.xml 
@@ -57,6 +57,11 @@ under the License. <filter-name>ContextFilter</filter-name> <filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class> </filter> + <filter> + <display-name>SameSiteFilter</display-name> + <filter-name>SameSiteFilter</filter-name> + <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class> + </filter> <filter-mapping> <filter-name>ControlFilter</filter-name> <url-pattern>/*</url-pattern> @@ -65,6 +70,10 @@ under the License. <filter-name>ContextFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> + <filter-mapping> + <filter-name>SameSiteFilter</filter-name> + <url-pattern>/*</url-pattern> + </filter-mapping> <listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener> <listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener> diff --git a/applications/product/webapp/catalog/WEB-INF/web.xml b/applications/product/webapp/catalog/WEB-INF/web.xml index a79e798..76e24ba 100644 --- a/applications/product/webapp/catalog/WEB-INF/web.xml +++ b/applications/product/webapp/catalog/WEB-INF/web.xml @@ -57,6 +57,11 @@ under the License. <filter-name>ContextFilter</filter-name> <filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class> </filter> + <filter> + <display-name>SameSiteFilter</display-name> + <filter-name>SameSiteFilter</filter-name> + <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class> + </filter> <filter-mapping> <filter-name>ControlFilter</filter-name> <url-pattern>/*</url-pattern> 
@@ -65,6 +70,10 @@ under the License. <filter-name>ContextFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> + <filter-mapping> + <filter-name>SameSiteFilter</filter-name> + <url-pattern>/*</url-pattern> + </filter-mapping> <listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener> <listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener> diff --git a/applications/product/webapp/facility/WEB-INF/web.xml b/applications/product/webapp/facility/WEB-INF/web.xml index 0a3464f..6d3decc 100644 --- a/applications/product/webapp/facility/WEB-INF/web.xml +++ b/applications/product/webapp/facility/WEB-INF/web.xml @@ -62,6 +62,11 @@ under the License. <filter-name>ContextFilter</filter-name> <filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class> </filter> + <filter> + <display-name>SameSiteFilter</display-name> + <filter-name>SameSiteFilter</filter-name> + <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class> + </filter> <filter-mapping> <filter-name>ControlFilter</filter-name> <url-pattern>/*</url-pattern> @@ -70,6 +75,10 @@ under the License. <filter-name>ContextFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> + <filter-mapping> + <filter-name>SameSiteFilter</filter-name> + <url-pattern>/*</url-pattern> + </filter-mapping> <listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener> <listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener> diff --git a/applications/workeffort/webapp/ical/WEB-INF/web.xml b/applications/workeffort/webapp/ical/WEB-INF/web.xml index b890ca7..52745d7 100644 --- a/applications/workeffort/webapp/ical/WEB-INF/web.xml +++ b/applications/workeffort/webapp/ical/WEB-INF/web.xml 
@@ -56,6 +56,11 @@ under the License. <filter-name>ContextFilter</filter-name> <filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class> </filter> + <filter> + <display-name>SameSiteFilter</display-name> + <filter-name>SameSiteFilter</filter-name> + <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class> + </filter> <filter-mapping> <filter-name>ControlFilter</filter-name> <url-pattern>/*</url-pattern> @@ -64,6 +69,10 @@ under the License. <filter-name>ContextFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> + <filter-mapping> + <filter-name>SameSiteFilter</filter-name> + <url-pattern>/*</url-pattern> + </filter-mapping> <listener> <listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class> diff --git a/applications/workeffort/webapp/workeffort/WEB-INF/web.xml b/applications/workeffort/webapp/workeffort/WEB-INF/web.xml index c8aeb25..3fc96da 100644 --- a/applications/workeffort/webapp/workeffort/WEB-INF/web.xml +++ b/applications/workeffort/webapp/workeffort/WEB-INF/web.xml @@ -59,6 +59,11 @@ under the License. <filter-name>ContextFilter</filter-name> <filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class> </filter> + <filter> + <display-name>SameSiteFilter</display-name> + <filter-name>SameSiteFilter</filter-name> + <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class> + </filter> <filter-mapping> <filter-name>ControlFilter</filter-name> <url-pattern>/*</url-pattern> @@ -67,6 +72,10 @@ under the License. <filter-name>ContextFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> + <filter-mapping> + <filter-name>SameSiteFilter</filter-name> + <url-pattern>/*</url-pattern> + </filter-mapping> <listener> <listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class> 
diff --git a/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java b/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java index ef373b4..fec25ff 100644 --- a/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java +++ b/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java @@ -66,6 +66,7 @@ import org.apache.http.ssl.SSLContexts; import org.apache.ofbiz.entity.Delegator; import org.apache.ofbiz.entity.util.EntityUtilProperties; import org.apache.ofbiz.webapp.control.ConfigXMLReader; +import org.apache.ofbiz.webapp.control.SameSiteFilter; import org.apache.ofbiz.webapp.event.FileUploadProgressListener; import org.apache.ofbiz.widget.renderer.VisualTheme; import org.apache.oro.text.regex.MalformedPatternException; @@ -1152,6 +1153,8 @@ public final class UtilHttp { resp.setHeader("Content-Security-Policy-Report-Only", "default-src 'self'"); + SameSiteFilter.addSameSiteCookieAttribute(resp); + // TODO in custom project. Public-Key-Pins-Report-Only is interesting but can't be used OOTB because of demos (the letsencrypt certificate is renewed every 3 months) } diff --git a/framework/resources/templates/web.xml b/framework/resources/templates/web.xml index 2ca1b35..5db4f21 100644 --- a/framework/resources/templates/web.xml +++ b/framework/resources/templates/web.xml 
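Review bot: The added line `SameSiteFilter.addSameSiteCookieAttribute(resp);` is order-dependent: it can only rewrite `Set-Cookie` headers already present on the response when setResponseBrowserDefaultSecurityHeaders runs, so a cookie added later in the same request, or after the response is committed, still goes out without the attribute, and nothing in the hunk records why this call is needed in addition to the filter. A comment on the line would keep the next reader from dropping it as redundant: `// The SameSiteFilter alone misses the JSESSIONID regenerated in LoginWorker.login() (OFBIZ-11470); only Set-Cookie headers present at this point are rewritten.` The method's Javadoc should also state the trade-off of the 'strict' value named in the commit title: the session cookie is not sent on top-level navigations that arrive from another site (a link in an e-mail, a return redirect from a payment provider), so those users land on a fresh session, whereas 'lax' keeps such flows working while still withholding the cookie on the cross-site POSTs that CSRF relies on. The enclosing method starts outside the hunk.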
@@ -61,8 +61,14 @@ under the License. <filter-name>ContextFilter</filter-name> <filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class> </filter> + <filter> + <display-name>SameSiteFilter</display-name> + <filter-name>SameSiteFilter</filter-name> + <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class> + </filter> <filter-mapping><filter-name>ControlFilter</filter-name><url-pattern>/*</url-pattern></filter-mapping> <filter-mapping><filter-name>ContextFilter</filter-name><url-pattern>/*</url-pattern></filter-mapping> + <filter-mapping><filter-name>SameSiteFilter</filter-name><url-pattern>/*</url-pattern></filter-mapping> <listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener> <listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener> diff --git a/framework/webtools/webapp/webtools/WEB-INF/web.xml b/framework/webtools/webapp/webtools/WEB-INF/web.xml index 635897b..c46f4bb 100644 --- a/framework/webtools/webapp/webtools/WEB-INF/web.xml +++ b/framework/webtools/webapp/webtools/WEB-INF/web.xml @@ -63,6 +63,11 @@ under the License. <filter-name>ContextFilter</filter-name> <filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class> </filter> + <filter> + <display-name>SameSiteFilter</display-name> + <filter-name>SameSiteFilter</filter-name> + <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class> + </filter> <filter-mapping> <filter-name>ControlFilter</filter-name> <url-pattern>/*</url-pattern> @@ -71,6 +76,10 @@ under the License. <filter-name>ContextFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> + <filter-mapping> + <filter-name>SameSiteFilter</filter-name> + <url-pattern>/*</url-pattern> + </filter-mapping> <listener> <listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class> |