You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@shiro.apache.org by GitBox <gi...@apache.org> on 2020/08/20 18:46:32 UTC
[GitHub] [shiro] bmhm opened a new pull request #252: [SHIRO-789] Add SameSite option to AbstractShiroWebConfiguration.buidCookie
bmhm opened a new pull request #252:
URL: https://github.com/apache/shiro/pull/252
Functional changes:
- automatically set secure cookie on SameSiteOptions.NONE
- added test for the default value = LAX
- added test class for STRICT value
Other changes:
- add javadoc cookie description from developer.mozilla.org
- add missing overrides
- remove unused imports in AbstractShiroWebConfiguration and its test
Following this checklist to help us incorporate your contribution quickly and easily:
- [X] Make sure there is a [JIRA issue](https://issues.apache.org/jira/browse/SHIRO) filed
for the change (usually before you start working on it). Trivial changes like typos do not
require a JIRA issue. Your pull request should address just this issue, without pulling in other changes.
- [X] Each commit in the pull request should have a meaningful subject line and body.
- [X] Format the pull request title like `[SHIRO-XXX] - Fixes bug in SessionManager`,
where you replace `SHIRO-XXX` with the appropriate JIRA issue. Best practice
is to use the JIRA issue title in the pull request title and in the first line of the commit message.
- [X] Write a pull request description that is detailed enough to understand what the pull request does, how, and why.
- [ ] Run `mvn clean install apache-rat:check` to make sure basic checks pass. A more thorough check will be performed on your pull request automatically.
- [X] If you have a group of commits related to the same change, please squash your commits into one and force push your branch using `git rebase -i`.
Trivial changes like typos do not require a JIRA issue (javadoc, comments...).
In this case, just format the pull request title like `(DOC) - Add javadoc in SessionManager`.
If this is your first contribution, you have to read the [Contribution Guidelines](https://github.com/apache/shiro/blob/master/CONTRIBUTING.md)
If your pull request is about ~20 lines of code you don't need to sign an [Individual Contributor License Agreement](https://www.apache.org/licenses/icla.pdf)
if you are unsure please ask on the developers list.
To make clear that you license your contribution under the [Apache License Version 2.0, January 2004](http://www.apache.org/licenses/LICENSE-2.0)
you have to acknowledge this by using the following check-box.
- [X] I hereby declare this contribution to be licenced under the [Apache License Version 2.0, January 2004](http://www.apache.org/licenses/LICENSE-2.0)
- [X] In any other case, please file an [Apache Individual Contributor License Agreement](https://www.apache.org/licenses/icla.pdf).
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [shiro] bmhm commented on a change in pull request #252: [SHIRO-789] Add SameSite option to AbstractShiroWebConfiguration.buidCookie
Posted by GitBox <gi...@apache.org>.
bmhm commented on a change in pull request #252:
URL: https://github.com/apache/shiro/pull/252#discussion_r474204083
##########
File path: support/spring/src/main/java/org/apache/shiro/spring/web/config/AbstractShiroWebConfiguration.java
##########
@@ -123,6 +131,19 @@ protected Cookie buildCookie(String name, int maxAge, String path, String domain
cookie.setPath(path);
cookie.setDomain(domain);
cookie.setSecure(secure);
+ cookie.setSameSite(Cookie.SameSiteOptions.LAX);
Review comment:
I did't run the test because merging the ClassUtilsTest blocked mvn compileā¦ I was a bit quick. I'll add a cleanup commit first to the 1.6.x branch (via PR).
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [shiro] bdemers commented on pull request #252: [SHIRO-789] Add SameSite option to AbstractShiroWebConfiguration.buidCookie (1.6.x)
Posted by GitBox <gi...@apache.org>.
bdemers commented on pull request #252:
URL: https://github.com/apache/shiro/pull/252#issuecomment-711027947
Rebased on 1.6.x (CI should be happy now)
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [shiro] bmhm commented on pull request #252: [SHIRO-789] Add SameSite option to AbstractShiroWebConfiguration.buidCookie
Posted by GitBox <gi...@apache.org>.
bmhm commented on pull request #252:
URL: https://github.com/apache/shiro/pull/252#issuecomment-678083172
retest this please
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [shiro] bdemers merged pull request #252: [SHIRO-789] Add SameSite option to AbstractShiroWebConfiguration.buidCookie (1.6.x)
Posted by GitBox <gi...@apache.org>.
bdemers merged pull request #252:
URL: https://github.com/apache/shiro/pull/252
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [shiro] bmhm commented on a change in pull request #252: [SHIRO-789] Add SameSite option to AbstractShiroWebConfiguration.buidCookie
Posted by GitBox <gi...@apache.org>.
bmhm commented on a change in pull request #252:
URL: https://github.com/apache/shiro/pull/252#discussion_r474204083
##########
File path: support/spring/src/main/java/org/apache/shiro/spring/web/config/AbstractShiroWebConfiguration.java
##########
@@ -123,6 +131,19 @@ protected Cookie buildCookie(String name, int maxAge, String path, String domain
cookie.setPath(path);
cookie.setDomain(domain);
cookie.setSecure(secure);
+ cookie.setSameSite(Cookie.SameSiteOptions.LAX);
Review comment:
I did't run the test because merging the ClassUtilsTest blocked mvn compileā¦ I was a bit quick. I'll add a cleanup commit first to the 1.6.x branch (via PR).
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [shiro] bdemers commented on pull request #252: [SHIRO-789] Add SameSite option to AbstractShiroWebConfiguration.buidCookie (1.6.x)
Posted by GitBox <gi...@apache.org>.
bdemers commented on pull request #252:
URL: https://github.com/apache/shiro/pull/252#issuecomment-709415895
@bmhm Take a look at #259, (and merge/rebase that change it)
It will allow the ITs to run using HTTPS with the embedded jetty container
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [shiro] bdemers commented on a change in pull request #252: [SHIRO-789] Add SameSite option to AbstractShiroWebConfiguration.buidCookie
Posted by GitBox <gi...@apache.org>.
bdemers commented on a change in pull request #252:
URL: https://github.com/apache/shiro/pull/252#discussion_r474200806
##########
File path: support/spring/src/main/java/org/apache/shiro/spring/web/config/AbstractShiroWebConfiguration.java
##########
@@ -123,6 +131,19 @@ protected Cookie buildCookie(String name, int maxAge, String path, String domain
cookie.setPath(path);
cookie.setDomain(domain);
cookie.setSecure(secure);
+ cookie.setSameSite(Cookie.SameSiteOptions.LAX);
Review comment:
nit: you could call the newer method from here
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org