Posted to commits@ofbiz.apache.org by jl...@apache.org on 2015/12/13 06:47:33 UTC
svn commit: r1719764 - in /ofbiz/trunk:
applications/marketing/src/org/ofbiz/marketing/tracking/
applications/order/src/org/ofbiz/order/shoppinglist/
applications/securityext/src/org/ofbiz/securityext/login/
framework/webapp/src/org/ofbiz/webapp/contro...
Author: jleroux
Date: Sun Dec 13 05:47:33 2015
New Revision: 1719764
URL: http://svn.apache.org/viewvc?rev=1719764&view=rev
Log:
Reverts r1719762 because of OFBIZ-6655
Modified:
ofbiz/trunk/applications/marketing/src/org/ofbiz/marketing/tracking/TrackingCodeEvents.java
ofbiz/trunk/applications/order/src/org/ofbiz/order/shoppinglist/ShoppingListEvents.java
ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/stats/VisitHandler.java
Modified: ofbiz/trunk/applications/marketing/src/org/ofbiz/marketing/tracking/TrackingCodeEvents.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/marketing/src/org/ofbiz/marketing/tracking/TrackingCodeEvents.java?rev=1719764&r1=1719763&r2=1719764&view=diff
==============================================================================
--- ofbiz/trunk/applications/marketing/src/org/ofbiz/marketing/tracking/TrackingCodeEvents.java (original)
+++ ofbiz/trunk/applications/marketing/src/org/ofbiz/marketing/tracking/TrackingCodeEvents.java Sun Dec 13 05:47:33 2015
@@ -31,14 +31,14 @@ import org.ofbiz.base.util.Debug;
import org.ofbiz.base.util.UtilDateTime;
import org.ofbiz.base.util.UtilMisc;
import org.ofbiz.base.util.UtilValidate;
+import org.ofbiz.webapp.stats.VisitHandler;
+import org.ofbiz.webapp.website.WebSiteWorker;
import org.ofbiz.entity.Delegator;
import org.ofbiz.entity.GenericEntityException;
import org.ofbiz.entity.GenericValue;
import org.ofbiz.entity.util.EntityQuery;
import org.ofbiz.entity.util.EntityUtilProperties;
import org.ofbiz.product.category.CategoryWorker;
-import org.ofbiz.webapp.stats.VisitHandler;
-import org.ofbiz.webapp.website.WebSiteWorker;
/**
* Events used for maintaining TrackingCode related information
@@ -228,8 +228,6 @@ public class TrackingCodeEvents {
if (trackableLifetime.longValue() > 0) trackableCookie.setMaxAge(trackableLifetime.intValue());
trackableCookie.setPath("/");
if (cookieDomain.length() > 0) trackableCookie.setDomain(cookieDomain);
- trackableCookie.setSecure(true);
- trackableCookie.setHttpOnly(true);
response.addCookie(trackableCookie);
}
@@ -240,8 +238,6 @@ public class TrackingCodeEvents {
if (billableLifetime.longValue() > 0) billableCookie.setMaxAge(billableLifetime.intValue());
billableCookie.setPath("/");
if (cookieDomain.length() > 0) billableCookie.setDomain(cookieDomain);
- billableCookie.setSecure(true);
- billableCookie.setHttpOnly(true);
response.addCookie(billableCookie);
}
@@ -268,17 +264,13 @@ public class TrackingCodeEvents {
siteIdCookie.setMaxAge(siteIdCookieAge);
siteIdCookie.setPath("/");
if (cookieDomain.length() > 0) siteIdCookie.setDomain(cookieDomain);
- siteIdCookie.setSecure(true);
- siteIdCookie.setHttpOnly(true);
- response.addCookie(siteIdCookie);
+ response.addCookie(siteIdCookie);
// if trackingCode.siteId is not null write a trackable cookie with name in the form: Ofbiz.TKCSiteId and timeout will be 60 * 60 * 24 * 365
Cookie updatedTimeStampCookie = new Cookie("Ofbiz.TKCD.UpdatedTimeStamp" ,UtilDateTime.nowTimestamp().toString());
updatedTimeStampCookie.setMaxAge(siteIdCookieAge);
updatedTimeStampCookie.setPath("/");
if (cookieDomain.length() > 0) updatedTimeStampCookie.setDomain(cookieDomain);
- updatedTimeStampCookie.setSecure(true);
- updatedTimeStampCookie.setHttpOnly(true);
- response.addCookie(updatedTimeStampCookie);
+ response.addCookie(updatedTimeStampCookie);
}
}
Modified: ofbiz/trunk/applications/order/src/org/ofbiz/order/shoppinglist/ShoppingListEvents.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/src/org/ofbiz/order/shoppinglist/ShoppingListEvents.java?rev=1719764&r1=1719763&r2=1719764&view=diff
==============================================================================
--- ofbiz/trunk/applications/order/src/org/ofbiz/order/shoppinglist/ShoppingListEvents.java (original)
+++ ofbiz/trunk/applications/order/src/org/ofbiz/order/shoppinglist/ShoppingListEvents.java Sun Dec 13 05:47:33 2015
@@ -669,8 +669,6 @@ public class ShoppingListEvents {
Cookie guestShoppingListCookie = new Cookie(guestShoppingUserName, autoSaveListId);
guestShoppingListCookie.setMaxAge(cookieAge);
guestShoppingListCookie.setPath("/");
- guestShoppingListCookie.setSecure(true);
- guestShoppingListCookie.setHttpOnly(true);
response.addCookie(guestShoppingListCookie);
}
}
@@ -694,8 +692,6 @@ public class ShoppingListEvents {
Cookie guestShoppingListCookie = new Cookie(guestShoppingUserName, null);
guestShoppingListCookie.setMaxAge(0);
guestShoppingListCookie.setPath("/");
- guestShoppingListCookie.setSecure(true);
- guestShoppingListCookie.setHttpOnly(true);
response.addCookie(guestShoppingListCookie);
return "success";
}
Modified: ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java?rev=1719764&r1=1719763&r2=1719764&view=diff
==============================================================================
--- ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java (original)
+++ ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java Sun Dec 13 05:47:33 2015
@@ -430,8 +430,6 @@ public class LoginEvents {
cookie.setMaxAge(60 * 60 * 24 * 365);
cookie.setPath("/");
cookie.setDomain(domain);
- cookie.setSecure(true);
- cookie.setHttpOnly(true);
response.addCookie(cookie);
}
}
Modified: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java?rev=1719764&r1=1719763&r2=1719764&view=diff
==============================================================================
--- ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java (original)
+++ ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java Sun Dec 13 05:47:33 2015
@@ -763,8 +763,6 @@ public class LoginWorker {
autoLoginCookie.setMaxAge(60 * 60 * 24 * 365);
autoLoginCookie.setDomain(domain);
autoLoginCookie.setPath("/");
- autoLoginCookie.setSecure(true);
- autoLoginCookie.setHttpOnly(true);
response.addCookie(autoLoginCookie);
return autoLoginCheck(delegator, session, userLogin.getString("userLoginId"));
} else {
@@ -835,8 +833,6 @@ public class LoginWorker {
Cookie autoLoginCookie = new Cookie(getAutoLoginCookieName(request), userLogin.getString("userLoginId"));
autoLoginCookie.setMaxAge(0);
autoLoginCookie.setPath("/");
- autoLoginCookie.setSecure(true);
- autoLoginCookie.setHttpOnly(true);
response.addCookie(autoLoginCookie);
}
// remove the session attributes
Modified: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java?rev=1719764&r1=1719763&r2=1719764&view=diff
==============================================================================
--- ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java (original)
+++ ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java Sun Dec 13 05:47:33 2015
@@ -1000,25 +1000,14 @@ public class RequestHandler {
resp.addHeader("strict-transport-security", strictTransportSecurity);
}
} else {
- if (EntityUtilProperties.getPropertyAsBoolean("requestHandler", "strict-transport-security", true)) {
+ if (EntityUtilProperties.getPropertyAsBoolean("requestHandler", "strict-transport-security", true)) { // FIXME later pass req.getAttribute("delegator") as last argument
resp.addHeader("strict-transport-security", "max-age=31536000; includeSubDomains");
}
}
//The only x-vontent-type-options defined value, "nosniff", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type.
// This also applies to Google Chrome, when downloading extensions.
- resp.addHeader("x-content-type-options", "nosniff");
-
- String setCookie = resp.getHeader("set-cookie");
- if (UtilValidate.isNotEmpty(setCookie)) {
- setCookie = setCookie.toLowerCase();
- if (!setCookie.contains("secure")) {
- resp.setHeader("set-cookie", setCookie + "; secure;"); // Adds a ";" trail to be sure to separate things
- }
- if (!setCookie.contains("httponly")) {
- resp.setHeader("set-cookie", setCookie + "; httponly;"); // Adds a ";" trail to be sure to separate things
- }
- }
+ resp.addHeader("x-content-type-options", "nosniff");
try {
if (Debug.verboseOn()) Debug.logVerbose("Rendering view [" + nextPage + "] of type [" + viewMap.type + "]", module);
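Review bot: With the `set-cookie` post-processing removed here, and the per-cookie `setSecure(true)`/`setHttpOnly(true)` calls dropped in the TrackingCodeEvents, ShoppingListEvents, LoginEvents, LoginWorker and VisitHandler hunks of this revision, none of these cookies carries either flag, including the one-year auto-login cookie that holds the `userLoginId`. HttpOnly does not depend on the request scheme, so it could presumably stay where each cookie is built, e.g. `autoLoginCookie.setHttpOnly(true);`, with Secure tied to the connection, e.g. `autoLoginCookie.setSecure(request.isSecure());`. Whether that avoids the problem tracked in OFBIZ-6655 cannot be told from this page. The context comment above `x-content-type-options` also misspells the header as `x-vontent-type-options`. The enclosing method starts and ends outside the hunk.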
Modified: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/stats/VisitHandler.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/stats/VisitHandler.java?rev=1719764&r1=1719763&r2=1719764&view=diff
==============================================================================
--- ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/stats/VisitHandler.java (original)
+++ ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/stats/VisitHandler.java Sun Dec 13 05:47:33 2015
@@ -271,8 +271,6 @@ public class VisitHandler {
Cookie visitorCookie = new Cookie(visitorCookieName, visitor.getString("visitorId"));
visitorCookie.setMaxAge(60 * 60 * 24 * 365);
visitorCookie.setPath("/");
- visitorCookie.setSecure(true);
- visitorCookie.setHttpOnly(true);
response.addCookie(visitorCookie);
}
}