This is an automated email from the ASF dual-hosted git repository.

struberg pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/deltaspike.git


The following commit(s) were added to refs/heads/master by this push:
     new 9d0e3d1  DELTASPIKE-1413 add SameSite=Strict to dsrwid cookie
9d0e3d1 is described below

commit 9d0e3d1af0cb7e62c810ec23f97e12e86ab3cf6f
Author: Mark Struberg <[email protected]>
AuthorDate: Thu Mar 4 23:48:41 2021 +0100

    DELTASPIKE-1413 add SameSite=Strict to dsrwid cookie
    
    Sadly had to manually add the Set-Cookie header as Java's Cookie
    class does not have a SameSite attribute.
---
 .../deltaspike/jsf/impl/util/ClientWindowHelper.java      | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git 
a/deltaspike/modules/jsf/impl/src/main/java/org/apache/deltaspike/jsf/impl/util/ClientWindowHelper.java
 
b/deltaspike/modules/jsf/impl/src/main/java/org/apache/deltaspike/jsf/impl/util/ClientWindowHelper.java
index 858c1f3..2aed78e 100644
--- 
a/deltaspike/modules/jsf/impl/src/main/java/org/apache/deltaspike/jsf/impl/util/ClientWindowHelper.java
+++ 
b/deltaspike/modules/jsf/impl/src/main/java/org/apache/deltaspike/jsf/impl/util/ClientWindowHelper.java
@@ -19,7 +19,6 @@
 package org.apache.deltaspike.jsf.impl.util;
 
 import java.io.IOException;
-import java.util.HashMap;
 import java.util.Map;
 import java.util.Map.Entry;
 import java.util.logging.Level;
@@ -153,12 +152,16 @@ public abstract class ClientWindowHelper
 
     public static void addRequestWindowIdCookie(FacesContext context, String 
requestToken, String windowId)
     {
-        Map<String, Object> properties = new HashMap();
-        properties.put("path", "/");
-        properties.put("maxAge", 30);
-
-        context.getExternalContext().addResponseCookie(
+        /* Sadly doesn't work due to SameSite is not allowed on Java cookies ^^
+            Map<String, Object> properties = new HashMap();
+            properties.put("path", "/");
+            properties.put("maxAge", 30);
+            context.getExternalContext().addResponseCookie(
                 Cookies.REQUEST_WINDOW_ID_PREFIX + requestToken, windowId, 
properties);
+        */
+        context.getExternalContext().addResponseHeader("Set-Cookie",
+            Cookies.REQUEST_WINDOW_ID_PREFIX + requestToken + "=" + windowId +
+                "; path=/; maxAge=30; SameSite=Strict");
     }
 
     public static Object getRequestWindowIdCookie(FacesContext context, String 
requestToken)
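Review bot: The hand-built header in `addRequestWindowIdCookie` uses `maxAge=30`, which is not a Set-Cookie attribute; the name is `Max-Age`, and browsers ignore unknown attributes, so the cookie becomes a session cookie instead of expiring after 30 seconds. The literal should read `"; path=/; Max-Age=30; SameSite=Strict"`. Writing the header directly also bypasses whatever name and value checking the container's cookie API applied, so `requestToken` and `windowId` now reach the header unvalidated. If either can be influenced by the request (not visible in this hunk), a `;` or a line break in it could add cookie attributes or split the header, so both should be checked against an allow-list of characters before concatenation. The commented-out old implementation could be replaced by a one-line comment such as `// Servlet Cookie API has no SameSite support, so the header is written by hand`.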
