Posted to commits@activemq.apache.org by jb...@apache.org on 2019/10/18 17:04:09 UTC
[activemq] branch activemq-5.15.x updated: AMQ-7322 - Add HTTPOnly
flag to the webconsole + REST API Cookies
This is an automated email from the ASF dual-hosted git repository.
jbonofre pushed a commit to branch activemq-5.15.x
in repository https://gitbox.apache.org/repos/asf/activemq.git
The following commit(s) were added to refs/heads/activemq-5.15.x by this push:
new 59c441d AMQ-7322 - Add HTTPOnly flag to the webconsole + REST API Cookies
59c441d is described below
commit 59c441d4de126d1cab817744c903d21d4abbc4b4
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Fri Oct 18 17:18:33 2019 +0100
AMQ-7322 - Add HTTPOnly flag to the webconsole + REST API Cookies
(cherry picked from commit 63b1238c4d1a0e10bd99ec9f3e6d2ee51b10c03d)
---
activemq-web-console/src/main/webapp/WEB-INF/web.xml | 5 ++++-
assembly/src/release/webapps/api/WEB-INF/web.xml | 8 +++++++-
2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/activemq-web-console/src/main/webapp/WEB-INF/web.xml b/activemq-web-console/src/main/webapp/WEB-INF/web.xml
index 2f50e5b..9672c84 100644
--- a/activemq-web-console/src/main/webapp/WEB-INF/web.xml
+++ b/activemq-web-console/src/main/webapp/WEB-INF/web.xml
@@ -155,7 +155,10 @@
</error-page>
<session-config>
- <session-timeout>30</session-timeout>
+ <session-timeout>30</session-timeout>
+ <cookie-config>
+ <http-only>true</http-only>
+ </cookie-config>
</session-config>
<context-param>
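Review bot: The new `<cookie-config>` sets only `<http-only>`, so the session cookie can still be sent over plain HTTP wherever the console is reachable without TLS. For deployments that serve it over HTTPS, adding `<secure>true</secure>` after `<http-only>true</http-only>` would close that gap. Because it would stop session cookies from working over plain HTTP, it may belong as a documented, commented-out option rather than the default. `<cookie-config>` also needs a Servlet 3.0 or later descriptor, and the `<web-app>` declaration is outside the hunk, so the declared version should be confirmed. The same points apply to the hunk in assembly/src/release/webapps/api/WEB-INF/web.xml.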
diff --git a/assembly/src/release/webapps/api/WEB-INF/web.xml b/assembly/src/release/webapps/api/WEB-INF/web.xml
index 2b0caf6..e316422 100644
--- a/assembly/src/release/webapps/api/WEB-INF/web.xml
+++ b/assembly/src/release/webapps/api/WEB-INF/web.xml
@@ -71,4 +71,10 @@
<url-pattern>/jolokia/*</url-pattern>
</servlet-mapping>
-</web-app>
\ No newline at end of file
+ <session-config>
+ <cookie-config>
+ <http-only>true</http-only>
+ </cookie-config>
+ </session-config>
+
+</web-app>
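Review bot: The `<session-config>` added to the REST API descriptor has no `<session-timeout>`, whereas the web console descriptor in this commit keeps `<session-timeout>30</session-timeout>`; API sessions presumably fall back to the container default. If the two are meant to behave alike, add `<session-timeout>30</session-timeout>` before `<cookie-config>` here. A short comment above the block, such as `<!-- HttpOnly keeps the session cookie out of reach of page scripts -->`, would also record why it was added.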