samesite-cookie expression filter stopped working after applying 7.3 Update 6
Issue
- After applying 7.3 Update 6 the below error occurs:
ERROR [io.undertow.request] (default I/O-3) UT005071: Undertow request failed HttpServerExchange{ GET /ffc-2.0/pa/login.xhtml}: java.lang.IllegalArgumentException: UT000045: Error parsing predicated handler string no handler named samesite-cookie known handlers are [disallowed-methods, allowed-methods, buffer-request, jdbc-access-log, http-continue-accept, secure-cookie, access-log, mark-secure, response-rate-limit, canonical-path, response-code, disable-cache, ssl-headers, trace, blocking, url-decoding, error-file, access-control, redirect, set, ip-access-control, request-limit, resource, compress, restart, clear, byte-range, eager-form-parser, done, rewrite, forwarded, stuck-thread-detector, reverse-proxy, jvm-route, learning-push, dump-request, proxy-peer-address, resolve-local-name, header, store-response, path-separator, uncompress, resolve-peer-name]:
samesite-cookie(mode=strict)
Environment
- Red Hat JBoss Enterprise Application Platform (EAP) 7.3.6
- samesite-cookie expression filter:
<subsystem xmlns="urn:jboss:domain:undertow:10.0" default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" instance-id="node1" default-security-domain="other" statistics-enabled="false">
<buffer-cache name="default"/>
<server name="default-server">
<http-listener name="default" socket-binding="http" max-post-size="200000000" redirect-socket="https" enable-http2="true"/>
<https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
<ajp-listener name="ajp" socket-binding="ajp" scheme="http" max-connections="450"/>
<host name="default-host" alias="localhost">
<location name="/" handler="welcome-content"/>
<filter-ref name="server-header"/>
<filter-ref name="x-powered-by-header"/>
<filter-ref name="samesite-cookie-filter"/>
<http-invoker security-realm="ApplicationRealm"/>
</host>
</server>
<servlet-container name="default">
<jsp-config/>
<session-cookie http-only="true" secure="true"/>
<websockets/>
</servlet-container>
<handlers>
<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
</handlers>
<filters>
<expression-filter name="samesite-cookie-filter" expression="samesite-cookie(mode=strict)"/>
<response-header name="server-header" header-name="Server" header-value="JBoss-EAP/7"/>
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
</filters>
</subsystem>
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.