Posted to dev@knox.apache.org by "Krishna Pandey (JIRA)" <ji...@apache.org> on 2017/05/11 11:42:04 UTC

[jira] [Updated] (KNOX-933) PicketLink Provider must set Secure and HTTPOnly flags on Cookie

     [ https://issues.apache.org/jira/browse/KNOX-933?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Krishna Pandey updated KNOX-933:
--------------------------------
    Attachment: KNOX-933_master_v1.patch

Attaching patch.

> PicketLink Provider must set Secure and HTTPOnly flags on Cookie
> ----------------------------------------------------------------
>
>                 Key: KNOX-933
>                 URL: https://issues.apache.org/jira/browse/KNOX-933
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: Server
>            Reporter: Larry McCay
>              Labels: KIP-7
>             Fix For: 0.13.0
>
>         Attachments: KNOX-933_master_v1.patch
>
>
> The provider creates a cookie in CaptureOriginalURLFilter.java at line 68, but fails to set the HttpOnly and Secure flags to true.
> This provider is not really supported anymore and isn't even documented but we should make sure that all cookies have HttpOnly and Secure flags set. We should separately consider deprecating and removing this provider.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
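
Added example, not part of the original message or of the Knox code base: a small check that reads HTTP response header lines and reports every Set-Cookie that lacks the Secure or HttpOnly attribute, which is the condition the issue describes. The header lines, cookie names and host below are constructed for illustration.

```python
# Added example: audit Set-Cookie headers for the Secure and HttpOnly attributes.
# All sample data is constructed; cookie names and the host are hypothetical.

REQUIRED = ("secure", "httponly")


def parse_set_cookie(header_value):
    """Return (cookie_name, set of lowercased attribute names)."""
    parts = [p.strip() for p in header_value.split(";")]
    # The first segment is name=value; it is never treated as an attribute,
    # so a cookie whose *value* is the word "Secure" does not pass the check.
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit_headers(header_lines):
    """Return {cookie_name: [missing attributes]} for offending Set-Cookie lines."""
    findings = {}
    for line in header_lines:
        field, sep, value = line.partition(":")
        # Header field names are case-insensitive; skip everything else.
        if not sep or field.strip().lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        missing = [a for a in REQUIRED if a not in attrs]
        if missing:
            findings[name] = missing
    return findings


# Constructed response headers covering the cases worth checking.
SAMPLE_HEADERS = [
    "Content-Type: text/html",
    "Set-Cookie: example-original-url=https%3A%2F%2Fgw.example.test%2Fapp; Path=/",
    "Set-Cookie: example-session=abc123; Path=/; Secure",
    "set-cookie: example-ok=1; Path=/; secure; HTTPONLY",
    "Set-Cookie: example-tricky=Secure; Path=/; HttpOnly",
]

if __name__ == "__main__":
    for cookie, missing in audit_headers(SAMPLE_HEADERS).items():
        print(f"{cookie}: missing {', '.join(missing)}")
```

Run against headers captured from a test deployment, an empty result means every cookie in the capture carries both attributes.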