Index: lams_central/src/java/org/lamsfoundation/lams/web/outcome/OutcomeController.java =================================================================== diff -u -r50f84b60c632e10ccc6981f1ce142e28b23eb44c -r53b1f5c6dcfb9e0d74e56c9647da69f07b889a55 --- lams_central/src/java/org/lamsfoundation/lams/web/outcome/OutcomeController.java (.../OutcomeController.java) (revision 50f84b60c632e10ccc6981f1ce142e28b23eb44c) +++ lams_central/src/java/org/lamsfoundation/lams/web/outcome/OutcomeController.java (.../OutcomeController.java) (revision 53b1f5c6dcfb9e0d74e56c9647da69f07b889a55) @@ -391,10 +391,7 @@ response.setHeader("Content-Disposition", "attachment;filename=" + fileName); // set cookie that will tell JS script that export has been finished - String downloadTokenValue = WebUtil.readStrParam(request, "downloadTokenValue"); - Cookie fileDownloadTokenCookie = new Cookie("fileDownloadToken", downloadTokenValue); - fileDownloadTokenCookie.setPath("/"); - response.addCookie(fileDownloadTokenCookie); + WebUtil.setFileDownloadTokenCookie(request, response); // Code to generate file and write file contents to response ServletOutputStream out = response.getOutputStream(); 
@@ -564,10 +561,7 @@ response.setHeader("Content-Disposition", "attachment;filename=" + fileName); // set cookie that will tell JS script that export has been finished - String downloadTokenValue = WebUtil.readStrParam(request, "downloadTokenValue"); - Cookie fileDownloadTokenCookie = new Cookie("fileDownloadToken", downloadTokenValue); - fileDownloadTokenCookie.setPath("/"); - response.addCookie(fileDownloadTokenCookie); + WebUtil.setFileDownloadTokenCookie(request, response); // Code to generate file and write file contents to response ServletOutputStream out = response.getOutputStream(); Index: lams_common/src/java/org/lamsfoundation/lams/util/WebUtil.java =================================================================== diff -u -r7760f9e623bc1c09b3f7f69831d6f5d8cb763927 -r53b1f5c6dcfb9e0d74e56c9647da69f07b889a55 --- lams_common/src/java/org/lamsfoundation/lams/util/WebUtil.java (.../WebUtil.java) (revision 7760f9e623bc1c09b3f7f69831d6f5d8cb763927) +++ lams_common/src/java/org/lamsfoundation/lams/util/WebUtil.java (.../WebUtil.java) (revision 53b1f5c6dcfb9e0d74e56c9647da69f07b889a55) @@ -10,6 +10,7 @@ import java.util.Map.Entry; import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.ParserConfigurationException; 
@@ -555,4 +556,13 @@ transformer.transform(domSource, result); return writer.toString(); } + + public static void setFileDownloadTokenCookie(HttpServletRequest request, HttpServletResponse response) { + String downloadTokenValue = WebUtil.readStrParam(request, "downloadTokenValue"); + // cookie needs to be constructed manually so we can set SameSite=None + StringBuilder cookieHeaderValue = new StringBuilder("fileDownloadToken=").append(downloadTokenValue) + .append("; Path=/; "); + cookieHeaderValue.append("Secure; SameSite=Strict"); + response.setHeader("Set-Cookie", cookieHeaderValue.toString()); + } } Index: lams_gradebook/src/java/org/lamsfoundation/lams/gradebook/web/controller/GradebookMonitoringController.java =================================================================== diff -u -rb52caf63d3119c1e91ff4638bde3e14981e508e1 -r53b1f5c6dcfb9e0d74e56c9647da69f07b889a55 --- lams_gradebook/src/java/org/lamsfoundation/lams/gradebook/web/controller/GradebookMonitoringController.java (.../GradebookMonitoringController.java) (revision b52caf63d3119c1e91ff4638bde3e14981e508e1) +++ lams_gradebook/src/java/org/lamsfoundation/lams/gradebook/web/controller/GradebookMonitoringController.java (.../GradebookMonitoringController.java) (revision 53b1f5c6dcfb9e0d74e56c9647da69f07b889a55) @@ -388,10 +388,7 @@ List sheets = gradebookService.exportLessonGradebook(lesson); // set cookie that will tell JS script that export has been finished - String downloadTokenValue = WebUtil.readStrParam(request, "downloadTokenValue"); - Cookie fileDownloadTokenCookie = new Cookie("fileDownloadToken", downloadTokenValue); - fileDownloadTokenCookie.setPath("/"); - response.addCookie(fileDownloadTokenCookie); + WebUtil.setFileDownloadTokenCookie(request, response); ExcelUtil.createExcel(out, sheets, gradebookService.getMessage("gradebook.export.dateheader"), true); } 
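Review bot: In `WebUtil.setFileDownloadTokenCookie` the `downloadTokenValue` request parameter is concatenated straight into a raw `Set-Cookie` header, so a value containing `;` can append its own cookie attributes, and the value no longer passes through whatever checks the container applies to `Cookie` objects. Validate the parameter against a narrow character set before building the header; the token format is not visible here, so confirm the pattern against the script that generates it. `response.setHeader` also replaces any `Set-Cookie` header already on the response, where the removed `addCookie` calls appended, so `addHeader` keeps the old behaviour. The comment says `SameSite=None` while the code sends `SameSite=Strict`, and the unconditional `Secure` means a browser will not store the cookie on a plain-HTTP deployment, so the download-finished signal would presumably never reach the script there.

```java
public static void setFileDownloadTokenCookie(HttpServletRequest request, HttpServletResponse response) {
    String downloadTokenValue = WebUtil.readStrParam(request, "downloadTokenValue");
    // the value is written into a raw header, so reject anything outside a narrow token alphabet
    if (downloadTokenValue == null || !downloadTokenValue.matches("[A-Za-z0-9_-]{1,64}")) {
        throw new IllegalArgumentException("Invalid downloadTokenValue parameter");
    }
    // cookie is built manually so the SameSite attribute can be set
    String cookieHeaderValue = "fileDownloadToken=" + downloadTokenValue + "; Path=/; Secure; SameSite=Strict";
    // addHeader appends, so cookies already set on this response are kept
    response.addHeader("Set-Cookie", cookieHeaderValue);
}
```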
@@ -423,10 +420,7 @@ response.setHeader("Content-Disposition", "attachment;filename=" + fileName); // set cookie that will tell JS script that export has been finished - String downloadTokenValue = WebUtil.readStrParam(request, "downloadTokenValue"); - Cookie fileDownloadTokenCookie = new Cookie("fileDownloadToken", downloadTokenValue); - fileDownloadTokenCookie.setPath("/"); - response.addCookie(fileDownloadTokenCookie); + WebUtil.setFileDownloadTokenCookie(request, response); // Code to generate file and write file contents to response ServletOutputStream out = response.getOutputStream(); @@ -465,10 +459,7 @@ response.setHeader("Content-Disposition", "attachment;filename=" + fileName); // set cookie that will tell JS script that export has been finished - String downloadTokenValue = WebUtil.readStrParam(request, "downloadTokenValue"); - Cookie fileDownloadTokenCookie = new Cookie("fileDownloadToken", downloadTokenValue); - fileDownloadTokenCookie.setPath("/"); - response.addCookie(fileDownloadTokenCookie); + WebUtil.setFileDownloadTokenCookie(request, response); // Code to generate file and write file contents to response ServletOutputStream out = response.getOutputStream(); Index: lams_learning/src/java/org/lamsfoundation/lams/learning/kumalive/KumaliveController.java =================================================================== diff -u -rd471fb4d4ad60b6568b9f3cb4ec9cd82c6fbe495 -r53b1f5c6dcfb9e0d74e56c9647da69f07b889a55 --- lams_learning/src/java/org/lamsfoundation/lams/learning/kumalive/KumaliveController.java (.../KumaliveController.java) (revision d471fb4d4ad60b6568b9f3cb4ec9cd82c6fbe495) +++ lams_learning/src/java/org/lamsfoundation/lams/learning/kumalive/KumaliveController.java (.../KumaliveController.java) (revision 53b1f5c6dcfb9e0d74e56c9647da69f07b889a55) 
@@ -1,11 +1,9 @@ package org.lamsfoundation.lams.learning.kumalive; import java.io.IOException; -import java.util.LinkedHashMap; import java.util.LinkedList; import java.util.List; -import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; @@ -24,7 +22,6 @@ import org.lamsfoundation.lams.util.FileUtil; import org.lamsfoundation.lams.util.JsonUtil; import org.lamsfoundation.lams.util.WebUtil; -import org.lamsfoundation.lams.util.excel.ExcelCell; import org.lamsfoundation.lams.util.excel.ExcelSheet; import org.lamsfoundation.lams.util.excel.ExcelUtil; import org.lamsfoundation.lams.web.session.SessionManager; @@ -35,8 +32,6 @@ import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.bind.annotation.ResponseStatus; -import org.springframework.web.context.WebApplicationContext; -import org.springframework.web.context.support.WebApplicationContextUtils; import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.node.ArrayNode; @@ -134,8 +129,8 @@ String sortOrder = WebUtil.readStrParam(request, CommonConstants.PARAM_SORD); String sortColumn = WebUtil.readStrParam(request, CommonConstants.PARAM_SIDX, true); - ObjectNode resultJSON = kumaliveService.getReportOrganisationData(organisationId, - sortColumn, !"DESC".equalsIgnoreCase(sortOrder), rowLimit, page); + ObjectNode resultJSON = kumaliveService.getReportOrganisationData(organisationId, sortColumn, + !"DESC".equalsIgnoreCase(sortOrder), rowLimit, page); response.setContentType("text/xml;charset=utf-8"); return resultJSON.toString(); } 
@@ -280,10 +275,7 @@ response.setHeader("Content-Disposition", "attachment;filename=" + fileName); // set cookie that will tell JS script that export has been finished - String downloadTokenValue = WebUtil.readStrParam(request, "downloadTokenValue"); - Cookie fileDownloadTokenCookie = new Cookie("fileDownloadToken", downloadTokenValue); - fileDownloadTokenCookie.setPath("/"); - response.addCookie(fileDownloadTokenCookie); + WebUtil.setFileDownloadTokenCookie(request, response); ExcelUtil.createExcel(response.getOutputStream(), sheets, "Exported on:", true); } @@ -298,8 +290,8 @@ log.warn(warning); response.sendError(HttpServletResponse.SC_FORBIDDEN, warning); } - if (!securityService.hasOrgRole(organisationId, userId, - new String[] { Role.GROUP_MANAGER, Role.MONITOR }, "kumalive get rubrics", false)) { + if (!securityService.hasOrgRole(organisationId, userId, new String[] { Role.GROUP_MANAGER, Role.MONITOR }, + "kumalive get rubrics", false)) { String warning = "User " + userId + " is not a monitor of organisation " + organisationId; log.warn(warning); response.sendError(HttpServletResponse.SC_FORBIDDEN, warning); Index: lams_monitoring/src/java/org/lamsfoundation/lams/monitoring/web/GroupingUploadAJAXController.java =================================================================== diff -u -r40de3afab4e8d589660daffb6efd6e568e87f8fa -r53b1f5c6dcfb9e0d74e56c9647da69f07b889a55 --- lams_monitoring/src/java/org/lamsfoundation/lams/monitoring/web/GroupingUploadAJAXController.java (.../GroupingUploadAJAXController.java) (revision 40de3afab4e8d589660daffb6efd6e568e87f8fa) +++ lams_monitoring/src/java/org/lamsfoundation/lams/monitoring/web/GroupingUploadAJAXController.java (.../GroupingUploadAJAXController.java) (revision 53b1f5c6dcfb9e0d74e56c9647da69f07b889a55) 
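Review bot: In the last KumaliveController hunk (the `hasOrgRole` check), the block just above the re-wrapped `if` calls `response.sendError(HttpServletResponse.SC_FORBIDDEN, warning);` and closes without a `return`, so execution carries on into the role check and whatever follows it. The commit only re-wraps the condition, but the missing exit is visible in the context lines; add `return;` (or the method's failure value) directly after each `sendError` call so a rejected request stops there. The method starts before and continues after the hunk, so confirm whether the second block is already followed by an exit.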
@@ -178,10 +178,7 @@ } // set cookie that will tell JS script that export has been finished - String downloadTokenValue = WebUtil.readStrParam(request, "downloadTokenValue"); - Cookie fileDownloadTokenCookie = new Cookie("fileDownloadToken", downloadTokenValue); - fileDownloadTokenCookie.setPath("/"); - response.addCookie(fileDownloadTokenCookie); + WebUtil.setFileDownloadTokenCookie(request, response); response.setContentType("application/x-download"); response.setHeader("Content-Disposition", "attachment;filename=" + fileName); Index: lams_tool_assessment/src/java/org/lamsfoundation/lams/tool/assessment/web/controller/MonitoringController.java =================================================================== diff -u -rff9b1c659da59060b4690a29bfdd493e8741b224 -r53b1f5c6dcfb9e0d74e56c9647da69f07b889a55 --- lams_tool_assessment/src/java/org/lamsfoundation/lams/tool/assessment/web/controller/MonitoringController.java (.../MonitoringController.java) (revision ff9b1c659da59060b4690a29bfdd493e8741b224) +++ lams_tool_assessment/src/java/org/lamsfoundation/lams/tool/assessment/web/controller/MonitoringController.java (.../MonitoringController.java) (revision 53b1f5c6dcfb9e0d74e56c9647da69f07b889a55) 
@@ -858,10 +858,7 @@ log.debug("Exporting assessment to a spreadsheet: " + assessment.getContentId()); // set cookie that will tell JS script that export has been finished - String downloadTokenValue = WebUtil.readStrParam(request, "downloadTokenValue"); - Cookie fileDownloadTokenCookie = new Cookie("fileDownloadToken", downloadTokenValue); - fileDownloadTokenCookie.setPath("/"); - response.addCookie(fileDownloadTokenCookie); + WebUtil.setFileDownloadTokenCookie(request, response); ServletOutputStream out = response.getOutputStream(); ExcelUtil.createExcel(out, sheets, service.getMessage("label.export.exported.on"), true); Index: lams_tool_lamc/src/java/org/lamsfoundation/lams/tool/mc/web/controller/MonitoringController.java =================================================================== diff -u -r365a2c22199a5fe2b1e55e18cbf4b6d2596f202b -r53b1f5c6dcfb9e0d74e56c9647da69f07b889a55 --- lams_tool_lamc/src/java/org/lamsfoundation/lams/tool/mc/web/controller/MonitoringController.java (.../MonitoringController.java) (revision 365a2c22199a5fe2b1e55e18cbf4b6d2596f202b) +++ lams_tool_lamc/src/java/org/lamsfoundation/lams/tool/mc/web/controller/MonitoringController.java (.../MonitoringController.java) (revision 53b1f5c6dcfb9e0d74e56c9647da69f07b889a55) 
@@ -281,10 +281,7 @@ } // set cookie that will tell JS script that export has been finished - String downloadTokenValue = WebUtil.readStrParam(request, "downloadTokenValue"); - Cookie fileDownloadTokenCookie = new Cookie("fileDownloadToken", downloadTokenValue); - fileDownloadTokenCookie.setPath("/"); - response.addCookie(fileDownloadTokenCookie); + WebUtil.setFileDownloadTokenCookie(request, response); // construct download file response header OutputStream out = response.getOutputStream(); Index: lams_tool_preview/src/java/org/lamsfoundation/lams/tool/peerreview/web/controller/MonitoringController.java =================================================================== diff -u -r56c27b3189648840c72a62d403908a6e4378c7af -r53b1f5c6dcfb9e0d74e56c9647da69f07b889a55 --- lams_tool_preview/src/java/org/lamsfoundation/lams/tool/peerreview/web/controller/MonitoringController.java (.../MonitoringController.java) (revision 56c27b3189648840c72a62d403908a6e4378c7af) +++ lams_tool_preview/src/java/org/lamsfoundation/lams/tool/peerreview/web/controller/MonitoringController.java (.../MonitoringController.java) (revision 53b1f5c6dcfb9e0d74e56c9647da69f07b889a55) @@ -34,7 +34,6 @@ import javax.servlet.ServletException; import javax.servlet.ServletOutputStream; -import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; 
@@ -597,10 +596,7 @@ List sheets = service.exportTeamReportSpreadsheet(toolContentId); // set cookie that will tell JS script that export has been finished - String downloadTokenValue = WebUtil.readStrParam(request, "downloadTokenValue"); - Cookie fileDownloadTokenCookie = new Cookie("fileDownloadToken", downloadTokenValue); - fileDownloadTokenCookie.setPath("/"); - response.addCookie(fileDownloadTokenCookie); + WebUtil.setFileDownloadTokenCookie(request, response); ExcelUtil.createExcel(out, sheets, "Exported on:", true); Index: lams_tool_scratchie/src/java/org/lamsfoundation/lams/tool/scratchie/web/controller/MonitoringController.java =================================================================== diff -u -r804dca72fa2ac638a9d3e2e66054d82688951c31 -r53b1f5c6dcfb9e0d74e56c9647da69f07b889a55 --- lams_tool_scratchie/src/java/org/lamsfoundation/lams/tool/scratchie/web/controller/MonitoringController.java (.../MonitoringController.java) (revision 804dca72fa2ac638a9d3e2e66054d82688951c31) +++ lams_tool_scratchie/src/java/org/lamsfoundation/lams/tool/scratchie/web/controller/MonitoringController.java (.../MonitoringController.java) (revision 53b1f5c6dcfb9e0d74e56c9647da69f07b889a55) 
@@ -248,10 +248,7 @@ response.setHeader("Content-Disposition", "attachment;filename=" + fileName); // set cookie that will tell JS script that export has been finished - String downloadTokenValue = WebUtil.readStrParam(request, "downloadTokenValue"); - Cookie fileDownloadTokenCookie = new Cookie("fileDownloadToken", downloadTokenValue); - fileDownloadTokenCookie.setPath("/"); - response.addCookie(fileDownloadTokenCookie); + WebUtil.setFileDownloadTokenCookie(request, response); // Code to generate file and write file contents to response ServletOutputStream out = response.getOutputStream(); Index: lams_tool_survey/src/java/org/lamsfoundation/lams/tool/survey/web/controller/MonitoringController.java =================================================================== diff -u -rf387f22d1d29e552262b9b538a3b46c1b766a3c7 -r53b1f5c6dcfb9e0d74e56c9647da69f07b889a55 --- lams_tool_survey/src/java/org/lamsfoundation/lams/tool/survey/web/controller/MonitoringController.java (.../MonitoringController.java) (revision f387f22d1d29e552262b9b538a3b46c1b766a3c7) +++ lams_tool_survey/src/java/org/lamsfoundation/lams/tool/survey/web/controller/MonitoringController.java (.../MonitoringController.java) (revision 53b1f5c6dcfb9e0d74e56c9647da69f07b889a55) @@ -32,7 +32,6 @@ import java.util.TimeZone; import javax.servlet.ServletOutputStream; -import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; 
@@ -469,10 +468,7 @@ } // set cookie that will tell JS script that export has been finished - String downloadTokenValue = WebUtil.readStrParam(request, "downloadTokenValue"); - Cookie fileDownloadTokenCookie = new Cookie("fileDownloadToken", downloadTokenValue); - fileDownloadTokenCookie.setPath("/"); - response.addCookie(fileDownloadTokenCookie); + WebUtil.setFileDownloadTokenCookie(request, response); String fileName = "lams_survey_" + toolSessionID + ".xlsx"; response.setContentType("application/x-download");