Posted to dev@unomi.apache.org by jk...@apache.org on 2020/11/03 10:51:23 UTC
[unomi] 01/01: UNOMI-391: provide SameSite=Lax configuration on
profile id cookie
This is an automated email from the ASF dual-hosted git repository.
jkevan pushed a commit to branch profileCookieLax
in repository https://gitbox.apache.org/repos/asf/unomi.git
commit cba088e49ec42adcf4f79d513b7c9efaa0e67861
Author: Kevan <ke...@jahia.com>
AuthorDate: Tue Nov 3 11:51:06 2020 +0100
UNOMI-391: provide SameSite=Lax configuration on profile id cookie
---
.../baseplugin/actions/MergeProfilesOnPropertyAction.java | 13 ++++++-------
wab/src/main/java/org/apache/unomi/web/HttpUtils.java | 14 +++++++-------
2 files changed, 13 insertions(+), 14 deletions(-)
diff --git a/plugins/baseplugin/src/main/java/org/apache/unomi/plugins/baseplugin/actions/MergeProfilesOnPropertyAction.java b/plugins/baseplugin/src/main/java/org/apache/unomi/plugins/baseplugin/actions/MergeProfilesOnPropertyAction.java
index da92a24..8200985 100644
--- a/plugins/baseplugin/src/main/java/org/apache/unomi/plugins/baseplugin/actions/MergeProfilesOnPropertyAction.java
+++ b/plugins/baseplugin/src/main/java/org/apache/unomi/plugins/baseplugin/actions/MergeProfilesOnPropertyAction.java
@@ -206,13 +206,12 @@ public class MergeProfilesOnPropertyAction implements ActionExecutor {
if (response instanceof HttpServletResponse) {
HttpServletResponse httpServletResponse = (HttpServletResponse) response;
if (!(profile instanceof Persona)) {
- Cookie profileIdCookie = new Cookie(profileIdCookieName, profile.getItemId());
- profileIdCookie.setPath("/");
- if (profileIdCookieDomain != null && !profileIdCookieDomain.equals("")) {
- profileIdCookie.setDomain(profileIdCookieDomain);
- }
- profileIdCookie.setMaxAge(cookieAgeInSeconds);
- httpServletResponse.addCookie(profileIdCookie);
+ httpServletResponse.addHeader("Set-Cookie",
+ profileIdCookieName + "=" + profile.getItemId() +
+ "; Path=/" +
+ "; Max-Age=" + cookieAgeInSeconds +
+ (StringUtils.isNotBlank(profileIdCookieDomain) ? ("; Domain=" + profileIdCookieDomain) : "") +
+ "; SameSite=Lax");
}
}
}
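Review bot: The Set-Cookie value is now built by plain string concatenation, so `profile.getItemId()` and `profileIdCookieDomain` reach the response header without the name and value checks the removed `Cookie` object path could apply. If a profile id can ever contain `;`, whitespace or control characters (whether it can is not visible in this hunk), it would add or override attributes such as Domain or Path on the cookie. I would validate both values against a conservative token pattern before writing the header, and record the constraint with a comment such as `// raw Set-Cookie header: id and domain must be validated, nothing escapes them here`. The same construction is repeated in the HttpUtils.java hunk, and the enclosing method starts outside this hunk.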
diff --git a/wab/src/main/java/org/apache/unomi/web/HttpUtils.java b/wab/src/main/java/org/apache/unomi/web/HttpUtils.java
index 6837c0d..a6c34a3 100644
--- a/wab/src/main/java/org/apache/unomi/web/HttpUtils.java
+++ b/wab/src/main/java/org/apache/unomi/web/HttpUtils.java
@@ -17,6 +17,7 @@
package org.apache.unomi.web;
+import org.apache.commons.lang3.StringUtils;
import org.apache.unomi.api.Persona;
import org.apache.unomi.api.Profile;
@@ -117,13 +118,12 @@ public class HttpUtils {
if (response instanceof HttpServletResponse) {
HttpServletResponse httpServletResponse = (HttpServletResponse) response;
if (!(profile instanceof Persona)) {
- Cookie profileIdCookie = new Cookie(profileIdCookieName, profile.getItemId());
- profileIdCookie.setPath("/");
- if (profileIdCookieDomain != null && !profileIdCookieDomain.equals("")) {
- profileIdCookie.setDomain(profileIdCookieDomain);
- }
- profileIdCookie.setMaxAge(profileIdCookieMaxAgeInSeconds);
- httpServletResponse.addCookie(profileIdCookie);
+ httpServletResponse.addHeader("Set-Cookie",
+ profileIdCookieName + "=" + profile.getItemId() +
+ "; Path=/" +
+ "; Max-Age=" + profileIdCookieMaxAgeInSeconds +
+ (StringUtils.isNotBlank(profileIdCookieDomain) ? ("; Domain=" + profileIdCookieDomain) : "") +
+ "; SameSite=Lax");
}
}
}
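Review bot: `SameSite=Lax` is a fixed literal here and in the MergeProfilesOnPropertyAction.java hunk, although the commit title describes it as configuration; no setting for it is visible in either hunk. The header also carries no `Secure` or `HttpOnly` attribute (the removed code set neither, so this is not a regression), and a deployment that needs the cookie in a cross-site context would need `SameSite=None; Secure`, which this code cannot produce. Consider reading the attribute from configuration next to `profileIdCookieDomain`, or at least documenting the fixed value with a comment like `// SameSite is fixed to Lax; the cookie is not sent on cross-site subrequests`. The enclosing method starts outside the hunk.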