You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tapestry.apache.org by "Barry Books (JIRA)" <ji...@apache.org> on 2016/02/26 17:39:18 UTC
[jira] [Comment Edited] (TAP5-2327) The Cookies interface should
provide an option to mark cookies as httpOnly
[ https://issues.apache.org/jira/browse/TAP5-2327?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15169284#comment-15169284 ]
Barry Books edited comment on TAP5-2327 at 2/26/16 4:39 PM:
------------------------------------------------------------
Patch to add httpOnly method to support Servlet 3.0 spec. This will allow 5.4 apps built with latter version of Java to set httpOnly by overriding the Cookie service
was (Author: trsvax):
Patch to add httpOnly method to support Servlet 3.0 spec. This will allow 5.4 apps built with latter version of Java to set httpOnly by overriding the CookieSource service
> The Cookies interface should provide an option to mark cookies as httpOnly
> --------------------------------------------------------------------------
>
> Key: TAP5-2327
> URL: https://issues.apache.org/jira/browse/TAP5-2327
> Project: Tapestry 5
> Issue Type: New Feature
> Components: tapestry-core
> Affects Versions: 5.3.7, 5.4
> Reporter: Martin Schneider
> Attachments: 0001-TAP-2327-add-httpOnly-method-to-support-Servlet-3.0.patch
>
>
> Since Servlet 3.0 there is an option to mark cookies as httpOnly via javax.servlet.http.Cookie.setHttpOnly(boolean). There should be an option to use that in org.apache.tapestry5.services.Cookies. In 5.3.7 the default implementation does not set the httpOnly flag.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)