You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tapestry.apache.org by "Barry Books (JIRA)" <ji...@apache.org> on 2016/02/22 18:15:18 UTC
[jira] [Commented] (TAP5-2327) The Cookies interface should provide
an option to mark cookies as httpOnly
[ https://issues.apache.org/jira/browse/TAP5-2327?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15157307#comment-15157307 ]
Barry Books commented on TAP5-2327:
-----------------------------------
I don't think I can update the version number but this is still a problem in 5.4. To fix this the following should be added to the CookieBuilder class:
protected boolean httpOnly;
public CookieBuilder setHttpOnly(boolean httpOnly) {
this.httpOnly = httpOnly;
return this;
}
The current CookiesImpl service will continue to work as is for servlet 2.5 but I will be possible to override it with a version for servlet 3.0
> The Cookies interface should provide an option to mark cookies as httpOnly
> --------------------------------------------------------------------------
>
> Key: TAP5-2327
> URL: https://issues.apache.org/jira/browse/TAP5-2327
> Project: Tapestry 5
> Issue Type: New Feature
> Components: tapestry-core
> Affects Versions: 5.3.7
> Reporter: Martin Schneider
> Labels: bulk-close-candidate
>
> Since Servlet 3.0 there is an option to mark cookies as httpOnly via javax.servlet.http.Cookie.setHttpOnly(boolean). There should be an option to use that in org.apache.tapestry5.services.Cookies. In 5.3.7 the default implementation does not set the httpOnly flag.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)