You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@knox.apache.org by "Chang Zhichao (Jira)" <ji...@apache.org> on 2022/03/09 06:50:00 UTC

[jira] (KNOX-2015) Need the ability to blacklist certain cookies with ConfigurableDispatch

    [ https://issues.apache.org/jira/browse/KNOX-2015 ]


    Chang Zhichao deleted comment on KNOX-2015:
    -------------------------------------

was (Author: changzc_330):
Hi, [~smolnar] , in commit "KNOX-2015 - Allow end-users to exclude only certain directives of the SET-COOKIE HTTP header (#154)", I notice that DefaultDispatch replace cookie separator with "".
{quote}headerValuesToCheck = headerValuesToCheck.stream().map(h -> h.replaceAll(separator.trim(), "")).collect(Collectors.toSet());{quote}
This change will change the SET-COOKIE HTTP header and made my login process failed.

Why we need this change? Can we keep the SET-COOKIE HTTP header unchanged, just as [RFC 6265|https://www.rfc-editor.org/rfc/rfc6265#section-4.2.1] defined？

> Need the ability to blacklist certain cookies with ConfigurableDispatch
> -----------------------------------------------------------------------
>
>                 Key: KNOX-2015
>                 URL: https://issues.apache.org/jira/browse/KNOX-2015
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: Server
>            Reporter: Sandeep More
>            Assignee: Sandor Molnar
>            Priority: Major
>             Fix For: 1.4.0
>
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> With ConfigurableDispatch we can prevent cookies from setting, currently it is all or none, we need to be able to specify what cookies to avoid getting set.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)