Posted to dev@knox.apache.org by "Sandor Molnar (Jira)" <ji...@apache.org> on 2019/09/20 12:59:00 UTC

[jira] [Commented] (KNOX-2015) Need the ability to blacklist certain cookies with ConfigurableDispatch

    [ https://issues.apache.org/jira/browse/KNOX-2015?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16934385#comment-16934385 ] 

Sandor Molnar commented on KNOX-2015:
-------------------------------------

[~smore] - as far as I understood you can, currently, either exclude the {{SET-COOKIE}} header entirely (as well as any other request/response header) or include it in the outbound response by invoking {{ConfigurableDispatch.setResponseExcludeHeaders}} with the appropriate {{Set}}. What you want is to provide a means by which certain {{SET-COOKIE}} headers are excluded but some of them are not. Right?

For instance:
 * let's say the following header is set in the inbound response: {{Set-Cookie: Domain=<domain-value>; Secure; HttpOnly}}
 * as of now, you can configure Knox to exclude all of these (in fact the default setting is to exclude the {{SET-COOKIE}} header)
 * however, one may want to configure Knox to exclude only the {{Domain=<domain-value>}} name/value pair going forward -> the outbound response header will still contain {{Set-Cookie: Secure; HttpOnly}}

Is my interpretation correct?

> Need the ability to blacklist certain cookies with ConfigurableDispatch
> -----------------------------------------------------------------------
>
>                 Key: KNOX-2015
>                 URL: https://issues.apache.org/jira/browse/KNOX-2015
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: Server
>            Reporter: Sandeep More
>            Assignee: Sandor Molnar
>            Priority: Major
>             Fix For: 1.4.0
>
>
> With ConfigurableDispatch we can prevent cookies from being set; currently it is all or none. We need to be able to specify which cookies to avoid getting set.



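The selective exclusion discussed in this message, as an added example that is not part of the original thread and is not Apache Knox code: it removes only the named parts of each Set-Cookie value and drops a header that ends up empty. The class name, method names and sample header values are assumptions made for illustration; it needs Java 9 or later.

```java
import java.util.*;
import java.util.stream.Collectors;

// Added illustration; not Apache Knox code. All names here are hypothetical.
public class SetCookieFilter {

    // Removes the listed ';'-separated parts from one Set-Cookie value. A part is
    // matched case-insensitively on the text before '=' (or the whole part when it
    // has no '='). Returns empty when nothing is left, so the caller drops the
    // header instead of emitting an empty one.
    static Optional<String> filter(String setCookieValue, Set<String> excludedParts) {
        Set<String> excluded = excludedParts.stream()
                .map(p -> p.toLowerCase(Locale.ROOT))
                .collect(Collectors.toSet());
        List<String> kept = new ArrayList<>();
        for (String part : setCookieValue.split(";")) {
            String trimmed = part.trim();
            if (trimmed.isEmpty()) {
                continue;
            }
            int eq = trimmed.indexOf('=');
            String name = (eq < 0 ? trimmed : trimmed.substring(0, eq))
                    .trim().toLowerCase(Locale.ROOT);
            if (!excluded.contains(name)) {
                kept.add(trimmed);
            }
        }
        return kept.isEmpty() ? Optional.empty() : Optional.of(String.join("; ", kept));
    }

    // Applies the filter to every Set-Cookie value of one response.
    static List<String> filterAll(List<String> values, Set<String> excludedParts) {
        return values.stream()
                .map(v -> filter(v, excludedParts))
                .flatMap(Optional::stream)
                .collect(Collectors.toList());
    }

    public static void main(String[] args) {
        // Constructed sample values, modelled on the header quoted in the comment.
        List<String> inbound = List.of(
                "Domain=example.internal; Secure; HttpOnly",
                "JSESSIONID=abc123; Path=/app; Domain=example.internal; HttpOnly",
                "Domain=example.internal");
        for (String value : filterAll(inbound, Set.of("Domain"))) {
            System.out.println("Set-Cookie: " + value);
        }
    }
}
```

An exclusion set that names {{Secure}} or {{HttpOnly}} would strip those protections from every cookie passing through, so a filter like this is safer when the configurable names are limited to the parts that actually need removing.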