Posted to commits@shiro.apache.org by GitBox <gi...@apache.org> on 2020/08/20 18:46:32 UTC

[GitHub] [shiro] bmhm opened a new pull request #252: [SHIRO-789] Add SameSite option to AbstractShiroWebConfiguration.buidCookie

bmhm opened a new pull request #252:
URL: https://github.com/apache/shiro/pull/252


     Functional changes:
     - automatically set secure cookie on SameSiteOptions.NONE
     - added test for the default value = LAX
     - added test class for STRICT value
   
     Other changes:
     - add javadoc cookie description from developer.mozilla.org
     - add missing overrides
     - remove unused imports in AbstractShiroWebConfiguration and its test
   
   Following this checklist to help us incorporate your contribution quickly and easily:
   
    - [X] Make sure there is a [JIRA issue](https://issues.apache.org/jira/browse/SHIRO) filed 
          for the change (usually before you start working on it).  Trivial changes like typos do not 
          require a JIRA issue.  Your pull request should address just this issue, without pulling in other changes.
    - [X] Each commit in the pull request should have a meaningful subject line and body.
    - [X] Format the pull request title like `[SHIRO-XXX] - Fixes bug in SessionManager`,
          where you replace `SHIRO-XXX` with the appropriate JIRA issue. Best practice
          is to use the JIRA issue title in the pull request title and in the first line of the commit message.
    - [X] Write a pull request description that is detailed enough to understand what the pull request does, how, and why.
    - [ ] Run `mvn clean install apache-rat:check` to make sure basic checks pass. A more thorough check will be performed on your pull request automatically.
    - [X] If you have a group of commits related to the same change, please squash your commits into one and force push your branch using `git rebase -i`. 
    
   Trivial changes like typos do not require a JIRA issue (javadoc, comments...). 
   In this case, just format the pull request title like `(DOC) - Add javadoc in SessionManager`.
    
   If this is your first contribution, you have to read the [Contribution Guidelines](https://github.com/apache/shiro/blob/master/CONTRIBUTING.md)
   
   If your pull request is about ~20 lines of code you don't need to sign an [Individual Contributor License Agreement](https://www.apache.org/licenses/icla.pdf) 
   if you are unsure please ask on the developers list.
   
   To make clear that you license your contribution under the [Apache License Version 2.0, January 2004](http://www.apache.org/licenses/LICENSE-2.0)
   you have to acknowledge this by using the following check-box.
   
    - [X] I hereby declare this contribution to be licenced under the [Apache License Version 2.0, January 2004](http://www.apache.org/licenses/LICENSE-2.0)
    - [X] In any other case, please file an [Apache Individual Contributor License Agreement](https://www.apache.org/licenses/icla.pdf).
   
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org
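
What the functional changes listed in the pull request description amount to at the header level, as an added example that is not code from the pull request or from Shiro: SameSite defaults to Lax, and Secure is forced whenever SameSite=None is selected. The class, enum and method names are hypothetical, and the cookie names and values are constructed.

```java
import java.util.StringJoiner;

// Added illustration; class, enum and method names are hypothetical, not Shiro's API.
public class SameSiteCookieDemo {

    enum SameSite {
        NONE("None"), LAX("Lax"), STRICT("Strict");
        final String token;
        SameSite(String token) { this.token = token; }
    }

    /** Renders a Set-Cookie header value; a null sameSite falls back to LAX. */
    static String setCookieHeader(String name, String value, String path,
                                  boolean secure, boolean httpOnly, SameSite sameSite) {
        SameSite effective = (sameSite == null) ? SameSite.LAX : sameSite;
        // Current browsers reject SameSite=None cookies that lack Secure, so force it.
        boolean effectiveSecure = secure || effective == SameSite.NONE;

        StringJoiner header = new StringJoiner("; ");
        header.add(name + "=" + value);
        if (path != null) header.add("Path=" + path);
        if (effectiveSecure) header.add("Secure");
        if (httpOnly) header.add("HttpOnly");
        header.add("SameSite=" + effective.token);
        return header.toString();
    }

    public static void main(String[] args) {
        // Constructed sample values.
        String byDefault = setCookieHeader("JSESSIONID", "abc123", "/", false, true, null);
        String crossSite = setCookieHeader("JSESSIONID", "abc123", "/", false, true, SameSite.NONE);
        String strict = setCookieHeader("rememberMe", "xyz", "/", true, true, SameSite.STRICT);

        System.out.println(byDefault);
        System.out.println(crossSite);
        System.out.println(strict);

        // Checks mirroring the cases the description lists (default LAX, STRICT, NONE).
        if (!byDefault.endsWith("SameSite=Lax") || byDefault.contains("Secure"))
            throw new AssertionError("default must be Lax and keep the caller's secure=false");
        if (!crossSite.contains("; Secure;") || !crossSite.endsWith("SameSite=None"))
            throw new AssertionError("None must always be paired with Secure");
        if (!strict.endsWith("SameSite=Strict"))
            throw new AssertionError("Strict must be passed through unchanged");
    }
}
```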



[GitHub] [shiro] bmhm commented on a change in pull request #252: [SHIRO-789] Add SameSite option to AbstractShiroWebConfiguration.buidCookie

Posted by GitBox <gi...@apache.org>.
bmhm commented on a change in pull request #252:
URL: https://github.com/apache/shiro/pull/252#discussion_r474204083



##########
File path: support/spring/src/main/java/org/apache/shiro/spring/web/config/AbstractShiroWebConfiguration.java
##########
@@ -123,6 +131,19 @@ protected Cookie buildCookie(String name, int maxAge, String path, String domain
         cookie.setPath(path);
         cookie.setDomain(domain);
         cookie.setSecure(secure);
+        cookie.setSameSite(Cookie.SameSiteOptions.LAX);
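
Review bot: the added `cookie.setSameSite(Cookie.SameSiteOptions.LAX);` changes what every existing caller of this `buildCookie(name, maxAge, path, domain, ...)` signature emits, and nothing in the visible lines documents it. Please state the LAX default in the method javadoc, since a deployment whose cookie must travel on cross-site requests (an embedded frame, a cross-site POST back from an identity provider) will see it withheld after upgrading and needs to know to select NONE explicitly.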

Review comment:
       I didn't run the test because merging the ClassUtilsTest blocked mvn compile… I was a bit quick. I'll add a cleanup commit first to the 1.6.x branch (via PR).







[GitHub] [shiro] bdemers commented on pull request #252: [SHIRO-789] Add SameSite option to AbstractShiroWebConfiguration.buidCookie (1.6.x)

Posted by GitBox <gi...@apache.org>.
bdemers commented on pull request #252:
URL: https://github.com/apache/shiro/pull/252#issuecomment-711027947


   Rebased on 1.6.x (CI should be happy now)





[GitHub] [shiro] bmhm commented on pull request #252: [SHIRO-789] Add SameSite option to AbstractShiroWebConfiguration.buidCookie

Posted by GitBox <gi...@apache.org>.
bmhm commented on pull request #252:
URL: https://github.com/apache/shiro/pull/252#issuecomment-678083172


   retest this please





[GitHub] [shiro] bdemers merged pull request #252: [SHIRO-789] Add SameSite option to AbstractShiroWebConfiguration.buidCookie (1.6.x)

Posted by GitBox <gi...@apache.org>.
bdemers merged pull request #252:
URL: https://github.com/apache/shiro/pull/252


   








[GitHub] [shiro] bdemers commented on pull request #252: [SHIRO-789] Add SameSite option to AbstractShiroWebConfiguration.buidCookie (1.6.x)

Posted by GitBox <gi...@apache.org>.
bdemers commented on pull request #252:
URL: https://github.com/apache/shiro/pull/252#issuecomment-709415895


   @bmhm Take a look at #259, (and merge/rebase that change it)
   It will allow the ITs to run using HTTPS with the embedded jetty container





[GitHub] [shiro] bdemers commented on a change in pull request #252: [SHIRO-789] Add SameSite option to AbstractShiroWebConfiguration.buidCookie

Posted by GitBox <gi...@apache.org>.
bdemers commented on a change in pull request #252:
URL: https://github.com/apache/shiro/pull/252#discussion_r474200806



##########
File path: support/spring/src/main/java/org/apache/shiro/spring/web/config/AbstractShiroWebConfiguration.java
##########
@@ -123,6 +131,19 @@ protected Cookie buildCookie(String name, int maxAge, String path, String domain
         cookie.setPath(path);
         cookie.setDomain(domain);
         cookie.setSecure(secure);
+        cookie.setSameSite(Cookie.SameSiteOptions.LAX);
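
Review bot: at the added `setSameSite` line, SameSite is the only attribute fixed inside the method body, while name, maxAge, path and domain arrive as parameters and the `secure` value is applied from a variable on the line above. Passing the policy in the same way, with LAX supplied as the default by this older signature, would keep the attribute handling in one code path and let the Secure requirement for NONE be enforced at the point where the chosen value is known.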

Review comment:
       nit: you could call the newer method from here



