Re: [PR] Fix FE web insecure cookie setting #26056 [doris]

via GitHub Thu, 02 Nov 2023 07:22:52 -0700


LuGuangming commented on code in PR #26057:
URL: https://github.com/apache/doris/pull/26057#discussion_r1380222033



##########
fe/fe-core/src/main/java/org/apache/doris/httpv2/controller/BaseController.java:
##########
@@ -104,7 +104,7 @@ public ActionAuthorizationInfo 
checkWithCookie(HttpServletRequest request,
     protected void addSession(HttpServletRequest request, HttpServletResponse 
response, SessionValue value) {
         String key = UUID.randomUUID().toString();
         Cookie cookie = new Cookie(PALO_SESSION_ID, key);
-        cookie.setSecure(false);
+        cookie.setSecure(true);

Review Comment:
   we can use enale_https to set cookie.setSecure true or false



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Re: [PR] Fix FE web insecure cookie setting #26056 [doris]

Reply via email to