Re: [PR] Fix FE web insecure cookie setting #26056 [doris]

via GitHub Thu, 02 Nov 2023 02:27:42 -0700


vinlee19 commented on code in PR #26057:
URL: https://github.com/apache/doris/pull/26057#discussion_r1379812857



##########
fe/fe-core/src/main/java/org/apache/doris/httpv2/controller/BaseController.java:
##########
@@ -104,7 +104,7 @@ public ActionAuthorizationInfo 
checkWithCookie(HttpServletRequest request,
     protected void addSession(HttpServletRequest request, HttpServletResponse 
response, SessionValue value) {
         String key = UUID.randomUUID().toString();
         Cookie cookie = new Cookie(PALO_SESSION_ID, key);
-        cookie.setSecure(false);
+        cookie.setSecure(true);

Review Comment:
   Maybe  we can set the cookie secure flag in the fe.config ,by default the 
values is false.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Re: [PR] Fix FE web insecure cookie setting #26056 [doris]

Reply via email to