You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "Chang Zhichao (Jira)" <ji...@apache.org> on 2022/03/09 06:50:00 UTC
[jira] (KNOX-2015) Need the ability to blacklist certain cookies with ConfigurableDispatch
[ https://issues.apache.org/jira/browse/KNOX-2015 ]
Chang Zhichao deleted comment on KNOX-2015:
-------------------------------------
was (Author: changzc_330):
Hi, [~smolnar] , in commit "KNOX-2015 - Allow end-users to exclude only certain directives of the SET-COOKIE HTTP header (#154)", I notice that DefaultDispatch replace cookie separator with "".
{quote}headerValuesToCheck = headerValuesToCheck.stream().map(h -> h.replaceAll(separator.trim(), "")).collect(Collectors.toSet());{quote}
This change will change the SET-COOKIE HTTP header and made my login process failed.
Why we need this change? Can we keep the SET-COOKIE HTTP header unchanged, just as [RFC 6265|https://www.rfc-editor.org/rfc/rfc6265#section-4.2.1] defined?
> Need the ability to blacklist certain cookies with ConfigurableDispatch
> -----------------------------------------------------------------------
>
> Key: KNOX-2015
> URL: https://issues.apache.org/jira/browse/KNOX-2015
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Reporter: Sandeep More
> Assignee: Sandor Molnar
> Priority: Major
> Fix For: 1.4.0
>
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> With ConfigurableDispatch we can prevent cookies from setting, currently it is all or none, we need to be able to specify what cookies to avoid getting set.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)