YARN-8868. Set HTTPOnly attribute to Cookie. Contributed by Chandni Singh.
Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/2202e00b
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/2202e00b
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/2202e00b
Branch: refs/heads/HDDS-4
Commit: 2202e00ba8a44ad70f0a90e6c519257e3ae56a36
Parents: 3ed7163
Author: Sunil G <sun...@apache.org>
Authored: Thu Oct 18 15:22:50 2018 +0530
Committer: Sunil G <sun...@apache.org>
Committed: Thu Oct 18 15:23:20 2018 +0530
----------------------------------------------------------------------
 .../java/org/apache/hadoop/yarn/webapp/Dispatcher.java | 12 +++++++++---
 .../hadoop/yarn/server/webproxy/WebAppProxyServlet.java | 1 +
 2 files changed, 10 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hadoop/blob/2202e00b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java
index d519dbb..4d54b6a 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java
@@ -179,10 +179,10 @@ public class Dispatcher extends HttpServlet {
 String st = devMode ? ErrorPage.toStackTrace(e, 1024 * 3) // spec: min 4KB
 : "See logs for stack trace";
 res.setStatus(res.SC_FOUND);
- Cookie cookie = new Cookie(STATUS_COOKIE, String.valueOf(500));
+ Cookie cookie = createCookie(STATUS_COOKIE, String.valueOf(500));
 cookie.setPath(path);
 res.addCookie(cookie);
- cookie = new Cookie(ERROR_COOKIE, st);
+ cookie = createCookie(ERROR_COOKIE, st);
 cookie.setPath(path);
 res.addCookie(cookie);
 res.setHeader("Location", path);
@@ -196,7 +196,7 @@ public class Dispatcher extends HttpServlet {
 public static void removeCookie(HttpServletResponse res, String name, String path) {
 LOG.debug("removing cookie {} on {}", name, path);
- Cookie c = new Cookie(name, "");
+ Cookie c = createCookie(name, "");
 c.setMaxAge(0);
 c.setPath(path);
 res.addCookie(c);
@@ -249,4 +249,10 @@ public class Dispatcher extends HttpServlet {
 }
 }, 18); // enough time for the last local request to complete
 }
+
+ private static Cookie createCookie(String name, String val) {
+ Cookie cookie = new Cookie(name, val);
+ cookie.setHttpOnly(true);
+ return cookie;
+ }
 }
http://git-wip-us.apache.org/repos/asf/hadoop/blob/2202e00b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-web-proxy/src/main/java/org/apache/hadoop/yarn/server/webproxy/WebAppProxyServlet.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-web-proxy/src/main/java/org/apache/hadoop/yarn/server/webproxy/WebAppProxyServlet.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-web-proxy/src/main/java/org/apache/hadoop/yarn/server/webproxy/WebAppProxyServlet.java
index 2dc3a46..c804f72 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-web-proxy/src/main/java/org/apache/hadoop/yarn/server/webproxy/WebAppProxyServlet.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-web-proxy/src/main/java/org/apache/hadoop/yarn/server/webproxy/WebAppProxyServlet.java
@@ -322,6 +322,7 @@ public class WebAppProxyServlet extends HttpServlet {
 private static Cookie makeCheckCookie(ApplicationId id, boolean isSet) {
 Cookie c = new Cookie(getCheckCookieName(id),String.valueOf(isSet));
+ c.setHttpOnly(true);
 c.setPath(ProxyUriUtils.getPath(id));
 c.setMaxAge(60 * 60 * 2); //2 hours in seconds
 return c;
---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-commits-h...@hadoop.apache.org
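Review bot: The check cookie built in makeCheckCookie still lacks the Secure attribute, so on a cluster that serves the proxy over HTTPS the browser may also attach it to a plain-HTTP request to the same host. Next to the added `c.setHttpOnly(true);` I would add `c.setSecure(secure);`, with `secure` passed in by the caller from `req.isSecure()`; whether HTTPS is enabled is deployment configuration that this diff does not show. The createCookie helper added to Dispatcher.java has the same gap, and it weighs more there because ERROR_COOKIE carries stack-trace text when devMode is on. The end of makeCheckCookie lies outside the hunk.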