You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "Nathan Gough (Jira)" <ji...@apache.org> on 2022/10/06 18:48:00 UTC

[jira] [Comment Edited] (NIFI-10595) Merged Set-Cookie Values

    [ https://issues.apache.org/jira/browse/NIFI-10595?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17613242#comment-17613242 ] 

Nathan Gough edited comment on NIFI-10595 at 10/6/22 6:47 PM:
--------------------------------------------------------------

Hi Michael, could we please have more details on what you're trying to achieve, and what specifically the issue is when the cookie is merged? What error are you seeing on the application side?

My understanding is that you're trying to do the following:
 # An application makes a request to NiFi (HandleHTTPRequest) with two Set-Cookie headers
 # The cookies are implicitly merged by NiFi
 # You are unable to respond to the application using HandleHTTPResponse because the cookie headers are merged, and there's no way to set these headers separately again as shown in duplicate.jpg


was (Author: thenatog):
Hi Michael, could we please have more details on what you're trying to achieve, and what specifically the issue is when the cookie is merged? What error are you seeing on the application side?

My understanding is that you're trying to do the following:
 # An application makes a request to NiFi (HandleHTTPRequest) it responds with two Set-Cookie headers
 # The cookies are implicitly merged by NiFi
 # You are unable to respond to the application using HandleHTTPResponse because the cookie headers are merged, and there's no way to set these headers separately again as shown in duplicate.jpg

> Merged Set-Cookie Values
> ------------------------
>
>                 Key: NIFI-10595
>                 URL: https://issues.apache.org/jira/browse/NIFI-10595
>             Project: Apache NiFi
>          Issue Type: Wish
>          Components: Core Framework
>    Affects Versions: 1.17.0
>         Environment: docker pull nifi
> Running in docker environment
> DefectDojo-> NiFi -> Jira
>            Reporter: michael endrizzi
>            Priority: Critical
>         Attachments: cookie.jpg, duplicate.jpg
>
>
> App A generates multiple Set-Cookie attributes
>  
> Set-Cookie: JSESSIONID=332A0702B579B2C2E978F156CA2D2CA2; Path=/; HttpOnly
> X-Seraph-LoginReason: OK
> Set-Cookie: atlassian.xsrf.token=BG2A-03LA-WE1W-P6YO_eb6999a3eeebf8ac3daa9d048e5434f70636849f_lin; Path=/
>  
> and NiFi merges the cookie values into a single line
>  
> Set-Cookie: JSESSIONID=332A0702B579B2C2E978F156CA2D2CA2; Path=/; HttpOnly, atlassian.xsrf.token=BG2A-03LA-WE1W-P6YO_eb6999a3eeebf8ac3daa9d048e5434f70636849f_lin; Path=/
>  
> Unfortunately, applications do not all like this format. Seems to violate standards:
> https://httpd.apache.org/docs/2.0/misc/known_client_problems.html#cookie-merge
>  
> In addition, NiFi does not allow you to manually add a second duplicate header (see attached)
>  
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)