You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@knox.apache.org by GitBox <gi...@apache.org> on 2019/09/24 08:46:45 UTC

[GitHub] [knox] smolnar82 opened a new pull request #154: KNOX-2015 - Allow end-users to exclude only certain directives of the SET-COOKIE HTTP header

smolnar82 opened a new pull request #154: KNOX-2015 - Allow end-users to exclude only certain directives of the SET-COOKIE HTTP header
URL: https://github.com/apache/knox/pull/154
 
 
   ## What changes were proposed in this pull request?
   
   As of now, end-users can either exclude the SET-COOKIE header entirely (as well as any other request/response header) or include it in the outbound response by invoking `ConfigurableDispatch.setResponseExcludeHeaders` with the appropriate `Set`. What this change brought to the table is that certain SET-COOKIE headers are excluded but some of them are not. 
   
   For instance:
   - let say the following header is set in the inbound response: `Set-Cookie: Domain=<domain-value>; Secure; HttpOnly`
   - as of now, one can configure Knox to exclude all of these (in fact the default setting is to exclude the SET-COOKIE header)
   - however, one may want to configure Knox to exclude only the `Domain=<domain-value>` name/value pair going forward -> the outbound response header will still contain `Set-Cookie: Secure; HttpOnly`
   
   ## How was this patch tested?
   
   Added JUnit tests and executed them (running integration tests too where some of the test cases - e.g. `org.apache.knox.gateway.GatewayBasicFuncTest.testXForwardHeadersPopulate()` - check response headers too)
   
   ```
   [INFO] ------------------------------------------------------------------------
   [INFO] BUILD SUCCESS
   [INFO] ------------------------------------------------------------------------
   [INFO] Total time: 17:46 min (Wall Clock)
   [INFO] Finished at: 2019-09-23T22:32:34+02:00
   [INFO] Final Memory: 383M/2024M
   [INFO] ------------------------------------------------------------------------
   ```

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services