You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@myfaces.apache.org by lo...@apache.org on 2021/02/18 17:22:41 UTC
[myfaces-tobago] branch master updated: using only secure cookies
This is an automated email from the ASF dual-hosted git repository.
lofwyr pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/myfaces-tobago.git
The following commit(s) were added to refs/heads/master by this push:
new 95cd862 using only secure cookies
95cd862 is described below
commit 95cd8629887924062098226e129c49227d62def4
Author: Udo Schnurpfeil <ud...@irian.eu>
AuthorDate: Thu Feb 18 15:55:59 2021 +0100
using only secure cookies
---
.../java/org/apache/myfaces/tobago/internal/util/CookieUtils.java | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/util/CookieUtils.java b/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/util/CookieUtils.java
index ec344f3..f2b041b 100644
--- a/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/util/CookieUtils.java
+++ b/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/util/CookieUtils.java
@@ -91,6 +91,7 @@ public class CookieUtils {
}
cookie.setMaxAge(ONE_YEAR_IN_SECONDS);
}
+ cookie.setSecure(true);
response.addCookie(cookie);
}
}
@@ -99,6 +100,7 @@ public class CookieUtils {
final Cookie cookie = new Cookie(THEME_PARAMETER, themeName);
cookie.setPath(path);
cookie.setMaxAge(ONE_YEAR_IN_SECONDS);
+ cookie.setSecure(true);
response.addCookie(cookie);
}
}
@@ -106,14 +108,13 @@ public class CookieUtils {
public static void removeThemeNameCookie(
final HttpServletRequest request, final HttpServletResponse response) {
- String path = request.getContextPath();
- path = StringUtils.isBlank(path) ? "/" : path;
final Cookie[] cookies = request.getCookies();
if (cookies != null) {
for (final Cookie cookie : cookies) {
if (THEME_PARAMETER.equals(cookie.getName())) {
cookie.setMaxAge(0);
cookie.setValue(null);
+ cookie.setSecure(true);
response.addCookie(cookie);
}
}