[ofbiz-plugins] branch release18.12 updated: Fixed: Ensure that the SameSite attribute is set to 'strict' for all cookies.


jleroux@apache.org
This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch release18.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-plugins.git


The following commit(s) were added to refs/heads/release18.12 by this push:
     new ba31a24  Fixed: Ensure that the SameSite attribute is set to 'strict' for all cookies.
ba31a24 is described below

commit ba31a241ac67ae6a48e0f618d09abee81a2bad4a
Author: Jacques Le Roux <[hidden email]>
AuthorDate: Fri Mar 20 17:51:00 2020 +0100

    Fixed: Ensure that the SameSite attribute is set to 'strict' for all cookies.
   
    (OFBIZ-11470)
   
    As reported by OWASP ZAP:
    A cookie has been set without the SameSite attribute, which means that the
    cookie can be sent as a result of a 'cross-site' request. The SameSite attribute
    is an effective countermeasure to cross-site request forgery, cross-site script
    inclusion, and timing attacks.
   
    The solution was not obvious in OFBiz for 2 reasons:
   
    1. There is no HttpServletResponse::setHeader. So we need to use a filter
      (SameSiteFilter) and even that is not enough because of 2:
    2. To prevent session fixation we force Tomcat to generate a new jsessionId,
    ultimately put in cookie, in LoginWorker::login. So we need to add a call to
    SameSiteFilter::addSameSiteCookieAttribute in
    UtilHttp::setResponseBrowserDefaultSecurityHeaders.
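As an added illustration (not OFBiz's own SameSiteFilter and not part of this commit), the pattern the message describes: a servlet filter that rewrites the Set-Cookie headers once the rest of the chain has run, with the rewrite exposed as a static method so that login code which regenerates the session id can call it again afterwards. The package and class names are assumptions, as is a javax.servlet 3.0+ container (needed for HttpServletResponse.getHeaders).

```java
package example.web; // hypothetical package, not an OFBiz one

import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Locale;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

/**
 * Adds SameSite=Strict to every Set-Cookie header of the response.
 * Illustrative code written for this page, not the project's filter.
 */
public class SameSiteStrictFilter implements Filter {

    private static final String SET_COOKIE = "Set-Cookie";
    private static final String SAME_SITE_STRICT = "SameSite=Strict";

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Let the application (and the container) set its cookies first ...
        chain.doFilter(req, res);
        // ... then rewrite whatever Set-Cookie headers are now on the response.
        // This also catches the session cookie Tomcat writes directly to its
        // own response object, which a response wrapper would never see.
        addSameSiteCookieAttribute((HttpServletResponse) res);
    }

    /**
     * Rewrites every Set-Cookie header so that it carries SameSite=Strict.
     * Static so that code which creates a fresh session after login (the
     * session-fixation defence in the commit message) can call it too.
     */
    public static void addSameSiteCookieAttribute(HttpServletResponse response) {
        if (response.isCommitted()) {
            // Headers already went to the client; nothing can be changed now.
            // A logged warning here is the signal to move the filter earlier.
            return;
        }
        Collection<String> headers = response.getHeaders(SET_COOKIE);
        if (headers == null || headers.isEmpty()) {
            return;
        }
        List<String> rewritten = new ArrayList<>();
        for (String header : headers) {
            rewritten.add(withSameSiteStrict(header));
        }
        boolean first = true;
        for (String header : rewritten) {
            if (first) {
                // setHeader replaces all existing Set-Cookie values at once ...
                response.setHeader(SET_COOKIE, header);
                first = false;
            } else {
                // ... and addHeader appends the remaining cookies one by one.
                response.addHeader(SET_COOKIE, header);
            }
        }
    }

    /** Appends the attribute unless the cookie already declares a SameSite value. */
    static String withSameSiteStrict(String setCookieValue) {
        if (setCookieValue.toLowerCase(Locale.ROOT).contains("samesite=")) {
            return setCookieValue; // do not emit the attribute twice
        }
        return setCookieValue + "; " + SAME_SITE_STRICT;
    }
}
```

Because post-chain code runs innermost-first, this filter should be mapped last in web.xml only if no earlier filter adds cookies after chain.doFilter returns; otherwise map it first.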
---
 assetmaint/webapp/assetmaint/WEB-INF/web.xml | 9 +++++++++
 assetmaint/webapp/ismgr/WEB-INF/web.xml      | 9 +++++++++
 bi/webapp/bi/WEB-INF/web.xml                 | 9 +++++++++
 birt/webapp/accounting/WEB-INF/web.xml       | 9 +++++++++
 birt/webapp/birt/WEB-INF/web.xml             | 9 +++++++++
 birt/webapp/facility/WEB-INF/web.xml         | 9 +++++++++
 birt/webapp/ordermgr/WEB-INF/web.xml         | 9 +++++++++
 ebay/webapp/ebay/WEB-INF/web.xml             | 9 +++++++++
 ebaystore/webapp/ebaystore/WEB-INF/web.xml   | 9 +++++++++
 ecommerce/webapp/ecommerce/WEB-INF/web.xml   | 9 +++++++++
 example/webapp/example/WEB-INF/web.xml       | 9 +++++++++
 exampleext/webapp/exampleext/WEB-INF/web.xml | 9 +++++++++
 lucene/webapp/content/WEB-INF/web.xml        | 9 +++++++++
 msggateway/webapp/msggateway/WEB-INF/web.xml | 6 ++++++
 myportal/webapp/myportal/WEB-INF/web.xml     | 9 +++++++++
 pricat/webapp/pricat/WEB-INF/web.xml         | 9 +++++++++
 pricat/webapp/pricatdemo/WEB-INF/web.xml     | 9 +++++++++
 projectmgr/webapp/projectmgr/WEB-INF/web.xml | 9 +++++++++
 scrum/webapp/demotest/WEB-INF/web.xml        | 9 +++++++++
 scrum/webapp/scrum/WEB-INF/web.xml           | 9 +++++++++
 webpos/webapp/webpos/WEB-INF/web.xml         | 9 +++++++++
 21 files changed, 186 insertions(+)

diff --git a/assetmaint/webapp/assetmaint/WEB-INF/web.xml b/assetmaint/webapp/assetmaint/WEB-INF/web.xml
index b77dbfe..72bd3b8 100644
--- a/assetmaint/webapp/assetmaint/WEB-INF/web.xml
+++ b/assetmaint/webapp/assetmaint/WEB-INF/web.xml
@@ -77,6 +77,11 @@
         <filter-name>ContextFilter</filter-name>
         <filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
     </filter>
+    <filter>
+        <display-name>SameSiteFilter</display-name>
+        <filter-name>SameSiteFilter</filter-name>
+        <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+    </filter>
     <filter-mapping>
         <filter-name>ControlFilter</filter-name>
         <url-pattern>/*</url-pattern>
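Review bot: the new <filter> block has no <init-param>, so the SameSite value is fixed inside org.apache.ofbiz.webapp.control.SameSiteFilter; the commit title says 'strict', and Strict also withholds the cookie on top-level navigations from another site (for example a link from an e-mail into the application), which is a per-deployment decision. Consider an init-param (e.g. `<param-name>sameSite</param-name>` defaulting to Strict) so a deployment can choose Lax without a code change. The same eight lines are also repeated by hand in all 21 web.xml files in the diffstat; a web-fragment.xml shipped in the webapp module jar would register the filter once for every plugin.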
@@ -85,6 +90,10 @@
         <filter-name>ContextFilter</filter-name>
         <url-pattern>/*</url-pattern>
     </filter-mapping>
+    <filter-mapping>
+        <filter-name>SameSiteFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
 
     <listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
     <listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener>
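Review bot: the <filter-mapping> for SameSiteFilter has only a <url-pattern> and no <dispatcher> elements, so it applies to the REQUEST dispatch alone; a Set-Cookie emitted while the container renders an error page (ERROR dispatch) bypasses the filter. Add `<dispatcher>REQUEST</dispatcher>` and `<dispatcher>ERROR</dispatcher>` (plus FORWARD if ControlFilter forwards internally). Note also that mapping order is chain order: mapped after ControlFilter and ContextFilter, SameSiteFilter is innermost, so if it rewrites headers after chain.doFilter returns, a cookie either of those two filters adds on the way out is missed.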
diff --git a/assetmaint/webapp/ismgr/WEB-INF/web.xml b/assetmaint/webapp/ismgr/WEB-INF/web.xml
index 2a2d462..fe14a40 100644
--- a/assetmaint/webapp/ismgr/WEB-INF/web.xml
+++ b/assetmaint/webapp/ismgr/WEB-INF/web.xml
@@ -72,6 +72,11 @@
         <filter-name>ContextFilter</filter-name>
         <filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
     </filter>
+    <filter>
+        <display-name>SameSiteFilter</display-name>
+        <filter-name>SameSiteFilter</filter-name>
+        <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+    </filter>
     <filter-mapping>
         <filter-name>ControlFilter</filter-name>
         <url-pattern>/*</url-pattern>
@@ -80,6 +85,10 @@
         <filter-name>ContextFilter</filter-name>
         <url-pattern>/*</url-pattern>
     </filter-mapping>
+    <filter-mapping>
+        <filter-name>SameSiteFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
 
     <listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
     <listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener>
diff --git a/bi/webapp/bi/WEB-INF/web.xml b/bi/webapp/bi/WEB-INF/web.xml
index 47f4646..ab12741 100644
--- a/bi/webapp/bi/WEB-INF/web.xml
+++ b/bi/webapp/bi/WEB-INF/web.xml
@@ -57,6 +57,11 @@
         <filter-name>ContextFilter</filter-name>
         <filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
     </filter>
+    <filter>
+        <display-name>SameSiteFilter</display-name>
+        <filter-name>SameSiteFilter</filter-name>
+        <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+    </filter>
     <filter-mapping>
         <filter-name>ControlFilter</filter-name>
         <url-pattern>/*</url-pattern>
@@ -65,6 +70,10 @@
         <filter-name>ContextFilter</filter-name>
         <url-pattern>/*</url-pattern>
     </filter-mapping>
+    <filter-mapping>
+        <filter-name>SameSiteFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
 
     <listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
     <listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener>
diff --git a/birt/webapp/accounting/WEB-INF/web.xml b/birt/webapp/accounting/WEB-INF/web.xml
index 1f86b35..c45dbbf 100644
--- a/birt/webapp/accounting/WEB-INF/web.xml
+++ b/birt/webapp/accounting/WEB-INF/web.xml
@@ -63,6 +63,11 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
     </filter>
+    <filter>
+        <display-name>SameSiteFilter</display-name>
+        <filter-name>SameSiteFilter</filter-name>
+        <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+    </filter>
     <filter-mapping>
         <filter-name>ControlFilter</filter-name>
         <url-pattern>/*</url-pattern>
@@ -71,6 +76,10 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <url-pattern>/*</url-pattern>
     </filter-mapping>
+    <filter-mapping>
+        <filter-name>SameSiteFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
 
     <listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
     <listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener>
diff --git a/birt/webapp/birt/WEB-INF/web.xml b/birt/webapp/birt/WEB-INF/web.xml
index 1056ac3..c06dae0 100644
--- a/birt/webapp/birt/WEB-INF/web.xml
+++ b/birt/webapp/birt/WEB-INF/web.xml
@@ -54,6 +54,11 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
     </filter>
+    <filter>
+        <display-name>SameSiteFilter</display-name>
+        <filter-name>SameSiteFilter</filter-name>
+        <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+    </filter>
     <filter-mapping>
         <filter-name>ControlFilter</filter-name>
         <url-pattern>/*</url-pattern>
@@ -62,6 +67,10 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <url-pattern>/*</url-pattern>
     </filter-mapping>
+    <filter-mapping>
+        <filter-name>SameSiteFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
 
     <listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
     <listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener>
diff --git a/birt/webapp/facility/WEB-INF/web.xml b/birt/webapp/facility/WEB-INF/web.xml
index 9f426bf..1fd3f6e 100644
--- a/birt/webapp/facility/WEB-INF/web.xml
+++ b/birt/webapp/facility/WEB-INF/web.xml
@@ -63,6 +63,11 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
     </filter>
+    <filter>
+        <display-name>SameSiteFilter</display-name>
+        <filter-name>SameSiteFilter</filter-name>
+        <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+    </filter>
     <filter-mapping>
         <filter-name>ControlFilter</filter-name>
         <url-pattern>/*</url-pattern>
@@ -71,6 +76,10 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <url-pattern>/*</url-pattern>
     </filter-mapping>
+    <filter-mapping>
+        <filter-name>SameSiteFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
 
     <listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
     <listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener>
diff --git a/birt/webapp/ordermgr/WEB-INF/web.xml b/birt/webapp/ordermgr/WEB-INF/web.xml
index 60d9b58..10d1a1c 100644
--- a/birt/webapp/ordermgr/WEB-INF/web.xml
+++ b/birt/webapp/ordermgr/WEB-INF/web.xml
@@ -58,6 +58,11 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
     </filter>
+    <filter>
+        <display-name>SameSiteFilter</display-name>
+        <filter-name>SameSiteFilter</filter-name>
+        <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+    </filter>
     <filter-mapping>
         <filter-name>ControlFilter</filter-name>
         <url-pattern>/*</url-pattern>
@@ -66,6 +71,10 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <url-pattern>/*</url-pattern>
     </filter-mapping>
+    <filter-mapping>
+        <filter-name>SameSiteFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
 
     <listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
     <listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener>
diff --git a/ebay/webapp/ebay/WEB-INF/web.xml b/ebay/webapp/ebay/WEB-INF/web.xml
index 13118e1..1f8c900 100644
--- a/ebay/webapp/ebay/WEB-INF/web.xml
+++ b/ebay/webapp/ebay/WEB-INF/web.xml
@@ -62,6 +62,11 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
     </filter>
+    <filter>
+        <display-name>SameSiteFilter</display-name>
+        <filter-name>SameSiteFilter</filter-name>
+        <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+    </filter>
     <filter-mapping>
         <filter-name>ControlFilter</filter-name>
         <url-pattern>/*</url-pattern>
@@ -70,6 +75,10 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <url-pattern>/*</url-pattern>
     </filter-mapping>
+    <filter-mapping>
+        <filter-name>SameSiteFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
 
     <listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
     <listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener>
diff --git a/ebaystore/webapp/ebaystore/WEB-INF/web.xml b/ebaystore/webapp/ebaystore/WEB-INF/web.xml
index ca2d340..7c0f087 100644
--- a/ebaystore/webapp/ebaystore/WEB-INF/web.xml
+++ b/ebaystore/webapp/ebaystore/WEB-INF/web.xml
@@ -62,6 +62,11 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
     </filter>
+    <filter>
+        <display-name>SameSiteFilter</display-name>
+        <filter-name>SameSiteFilter</filter-name>
+        <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+    </filter>
     <filter-mapping>
         <filter-name>ControlFilter</filter-name>
         <url-pattern>/*</url-pattern>
@@ -70,6 +75,10 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <url-pattern>/*</url-pattern>
     </filter-mapping>
+    <filter-mapping>
+        <filter-name>SameSiteFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
 
     <listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
     <listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener>
diff --git a/ecommerce/webapp/ecommerce/WEB-INF/web.xml b/ecommerce/webapp/ecommerce/WEB-INF/web.xml
index c299c6b..4926d0e 100644
--- a/ecommerce/webapp/ecommerce/WEB-INF/web.xml
+++ b/ecommerce/webapp/ecommerce/WEB-INF/web.xml
@@ -85,6 +85,11 @@ under the License.
             <param-value>/control/main</param-value>
         </init-param>
     </filter>
+    <filter>
+        <display-name>SameSiteFilter</display-name>
+        <filter-name>SameSiteFilter</filter-name>
+        <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+    </filter>
     <filter-mapping>
         <filter-name>ContextFilter</filter-name>
         <url-pattern>/*</url-pattern>
@@ -101,6 +106,10 @@ under the License.
         <filter-name>ControlFilter</filter-name>
         <url-pattern>/*</url-pattern>
     </filter-mapping>
+    <filter-mapping>
+        <filter-name>SameSiteFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
     <listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
     <!-- NOTE: not all app servers support mounting implementations of the HttpSessionActivationListener interface -->
     <!-- <listener><listener-class>org.apache.ofbiz.webapp.control.ControlActivationEventListener</listener-class></listener> -->
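Review bot: in this file the SameSiteFilter mapping is inserted directly before the <listener> element without the blank line the other webapps have; keep the blank line for consistency. Also, here ContextFilter is mapped before ControlFilter, the reverse of the other plugins, so the filter chain order differs per webapp; a comment saying whether that is intentional would help the next reader.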
diff --git a/example/webapp/example/WEB-INF/web.xml b/example/webapp/example/WEB-INF/web.xml
index 8acd303..6417d05 100644
--- a/example/webapp/example/WEB-INF/web.xml
+++ b/example/webapp/example/WEB-INF/web.xml
@@ -60,6 +60,11 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
     </filter>
+    <filter>
+        <display-name>SameSiteFilter</display-name>
+        <filter-name>SameSiteFilter</filter-name>
+        <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+    </filter>
     <filter-mapping>
         <filter-name>ControlFilter</filter-name>
         <url-pattern>/*</url-pattern>
@@ -68,6 +73,10 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <url-pattern>/*</url-pattern>
     </filter-mapping>
+    <filter-mapping>
+        <filter-name>SameSiteFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
 
     <listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
     <listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener>
diff --git a/exampleext/webapp/exampleext/WEB-INF/web.xml b/exampleext/webapp/exampleext/WEB-INF/web.xml
index eb72228..8b3edf8 100644
--- a/exampleext/webapp/exampleext/WEB-INF/web.xml
+++ b/exampleext/webapp/exampleext/WEB-INF/web.xml
@@ -55,6 +55,11 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
     </filter>
+    <filter>
+        <display-name>SameSiteFilter</display-name>
+        <filter-name>SameSiteFilter</filter-name>
+        <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+    </filter>
     <filter-mapping>
         <filter-name>ControlFilter</filter-name>
         <url-pattern>/*</url-pattern>
@@ -63,6 +68,10 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <url-pattern>/*</url-pattern>
     </filter-mapping>
+    <filter-mapping>
+        <filter-name>SameSiteFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
 
     <listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
     <listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener>
diff --git a/lucene/webapp/content/WEB-INF/web.xml b/lucene/webapp/content/WEB-INF/web.xml
index 3408913..c7f6f5f 100644
--- a/lucene/webapp/content/WEB-INF/web.xml
+++ b/lucene/webapp/content/WEB-INF/web.xml
@@ -70,6 +70,11 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
     </filter>
+    <filter>
+        <display-name>SameSiteFilter</display-name>
+        <filter-name>SameSiteFilter</filter-name>
+        <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+    </filter>
     <filter-mapping>
         <filter-name>ControlFilter</filter-name>
         <url-pattern>/*</url-pattern>
@@ -78,6 +83,10 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <url-pattern>/*</url-pattern>
     </filter-mapping>
+    <filter-mapping>
+        <filter-name>SameSiteFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
 
     <listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
     <listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener>
diff --git a/msggateway/webapp/msggateway/WEB-INF/web.xml b/msggateway/webapp/msggateway/WEB-INF/web.xml
index 9066299..f2bb225 100644
--- a/msggateway/webapp/msggateway/WEB-INF/web.xml
+++ b/msggateway/webapp/msggateway/WEB-INF/web.xml
@@ -61,8 +61,14 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
     </filter>
+    <filter>
+        <display-name>SameSiteFilter</display-name>
+        <filter-name>SameSiteFilter</filter-name>
+        <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+    </filter>
     <filter-mapping><filter-name>ControlFilter</filter-name><url-pattern>/*</url-pattern></filter-mapping>
     <filter-mapping><filter-name>ContextFilter</filter-name><url-pattern>/*</url-pattern></filter-mapping>
+    <filter-mapping><filter-name>SameSiteFilter</filter-name><url-pattern>/*</url-pattern></filter-mapping>
 
     <listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
     <listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener>
diff --git a/myportal/webapp/myportal/WEB-INF/web.xml b/myportal/webapp/myportal/WEB-INF/web.xml
index f1480d5..9e9e040 100644
--- a/myportal/webapp/myportal/WEB-INF/web.xml
+++ b/myportal/webapp/myportal/WEB-INF/web.xml
@@ -57,6 +57,11 @@
         <filter-name>ContextFilter</filter-name>
         <filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
     </filter>
+    <filter>
+        <display-name>SameSiteFilter</display-name>
+        <filter-name>SameSiteFilter</filter-name>
+        <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+    </filter>
     <filter-mapping>
         <filter-name>ControlFilter</filter-name>
         <url-pattern>/*</url-pattern>
@@ -65,6 +70,10 @@
         <filter-name>ContextFilter</filter-name>
         <url-pattern>/*</url-pattern>
     </filter-mapping>
+    <filter-mapping>
+        <filter-name>SameSiteFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
 
     <listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
     <listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener>
diff --git a/pricat/webapp/pricat/WEB-INF/web.xml b/pricat/webapp/pricat/WEB-INF/web.xml
index 29d64e9..22cd61d 100644
--- a/pricat/webapp/pricat/WEB-INF/web.xml
+++ b/pricat/webapp/pricat/WEB-INF/web.xml
@@ -60,6 +60,11 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
     </filter>
+    <filter>
+        <display-name>SameSiteFilter</display-name>
+        <filter-name>SameSiteFilter</filter-name>
+        <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+    </filter>
     <filter-mapping>
         <filter-name>ControlFilter</filter-name>
         <url-pattern>/*</url-pattern>
@@ -68,6 +73,10 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <url-pattern>/*</url-pattern>
     </filter-mapping>
+    <filter-mapping>
+        <filter-name>SameSiteFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
 
     <listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
     <listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener>
diff --git a/pricat/webapp/pricatdemo/WEB-INF/web.xml b/pricat/webapp/pricatdemo/WEB-INF/web.xml
index 447883e..c4edfb3 100644
--- a/pricat/webapp/pricatdemo/WEB-INF/web.xml
+++ b/pricat/webapp/pricatdemo/WEB-INF/web.xml
@@ -60,6 +60,11 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
     </filter>
+    <filter>
+        <display-name>SameSiteFilter</display-name>
+        <filter-name>SameSiteFilter</filter-name>
+        <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+    </filter>
     <filter-mapping>
         <filter-name>ControlFilter</filter-name>
         <url-pattern>/*</url-pattern>
@@ -68,6 +73,10 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <url-pattern>/*</url-pattern>
     </filter-mapping>
+    <filter-mapping>
+        <filter-name>SameSiteFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
 
     <listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
     <listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener>
diff --git a/projectmgr/webapp/projectmgr/WEB-INF/web.xml b/projectmgr/webapp/projectmgr/WEB-INF/web.xml
index 6cbf472..783d3f2 100644
--- a/projectmgr/webapp/projectmgr/WEB-INF/web.xml
+++ b/projectmgr/webapp/projectmgr/WEB-INF/web.xml
@@ -56,6 +56,11 @@
         <filter-name>ContextFilter</filter-name>
         <filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
     </filter>
+    <filter>
+        <display-name>SameSiteFilter</display-name>
+        <filter-name>SameSiteFilter</filter-name>
+        <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+    </filter>
     <filter-mapping>
         <filter-name>ControlFilter</filter-name>
         <url-pattern>/*</url-pattern>
@@ -64,6 +69,10 @@
         <filter-name>ContextFilter</filter-name>
         <url-pattern>/*</url-pattern>
     </filter-mapping>
+    <filter-mapping>
+        <filter-name>SameSiteFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
 
     <listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
     <listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener>
diff --git a/scrum/webapp/demotest/WEB-INF/web.xml b/scrum/webapp/demotest/WEB-INF/web.xml
index 5c8b85d..0b14b50 100644
--- a/scrum/webapp/demotest/WEB-INF/web.xml
+++ b/scrum/webapp/demotest/WEB-INF/web.xml
@@ -62,6 +62,11 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
     </filter>
+    <filter>
+        <display-name>SameSiteFilter</display-name>
+        <filter-name>SameSiteFilter</filter-name>
+        <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+    </filter>
     <filter-mapping>
         <filter-name>ControlFilter</filter-name>
         <url-pattern>/*</url-pattern>
@@ -70,6 +75,10 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <url-pattern>/*</url-pattern>
     </filter-mapping>
+    <filter-mapping>
+        <filter-name>SameSiteFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
 
     <listener>
         <listener-class>org.apache.ofbiz.webapp.control.ControlEventListener
diff --git a/scrum/webapp/scrum/WEB-INF/web.xml b/scrum/webapp/scrum/WEB-INF/web.xml
index 11d7000..6f2ec6f 100644
--- a/scrum/webapp/scrum/WEB-INF/web.xml
+++ b/scrum/webapp/scrum/WEB-INF/web.xml
@@ -53,6 +53,11 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
     </filter>
+    <filter>
+        <display-name>SameSiteFilter</display-name>
+        <filter-name>SameSiteFilter</filter-name>
+        <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+    </filter>
     <filter-mapping>
         <filter-name>ControlFilter</filter-name>
         <url-pattern>/*</url-pattern>
@@ -61,6 +66,10 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <url-pattern>/*</url-pattern>
     </filter-mapping>
+    <filter-mapping>
+        <filter-name>SameSiteFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
 
     <listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
     <listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener>
diff --git a/webpos/webapp/webpos/WEB-INF/web.xml b/webpos/webapp/webpos/WEB-INF/web.xml
index 1be2f7e..a2d4d15 100644
--- a/webpos/webapp/webpos/WEB-INF/web.xml
+++ b/webpos/webapp/webpos/WEB-INF/web.xml
@@ -61,6 +61,11 @@
         <filter-name>ContextFilter</filter-name>
         <filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
     </filter>
+    <filter>
+        <display-name>SameSiteFilter</display-name>
+        <filter-name>SameSiteFilter</filter-name>
+        <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+    </filter>
     <filter-mapping>
         <filter-name>ControlFilter</filter-name>
         <url-pattern>/*</url-pattern>
@@ -69,6 +74,10 @@
         <filter-name>ContextFilter</filter-name>
         <url-pattern>/*</url-pattern>
     </filter-mapping>
+    <filter-mapping>
+        <filter-name>SameSiteFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
 
     <listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
     <!-- NOTE: not all app servers support mounting implementations of the HttpSessionActivationListener interface -->