You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tapestry.apache.org by Nathan Quirynen <na...@pensionarchitects.be> on 2016/01/11 16:55:48 UTC

Alter request header value in request filter

Hi,

Is it possible to alter a response header in a filter?
I already add some response headers with Response.setHeader(...), but I 
want to add "HttpOnly" to every Set-Cookie header. Or is there an 
alternative way to achieve this?

The JSESSIONID is apparently always set with HttpOnly, but not the 
cookies I add via the Cookies service.

I have tried the following configuration with no results:

1) added in web.xml:

     <session-config>
         <cookie-config>
             <http-only>true</http-only>
         </cookie-config>
         ...
     </session-config>

2) added in context.xml (Tomcat7)

     <Context useHttpOnly="true">


I'm using Tapestry 5.3.7.

Nathan