[jira] [Updated] (KNOX-933) PicketLink Provider must set Secure and HTTPOnly flags on Cookie

Krishna Pandey (JIRA) Thu, 11 May 2017 04:42:39 -0700

     [ 
https://issues.apache.org/jira/browse/KNOX-933?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Krishna Pandey updated KNOX-933:
--------------------------------
    Attachment: KNOX-933_master_v1.patch

Attaching patch.

> PicketLink Provider must set Secure and HTTPOnly flags on Cookie
> ----------------------------------------------------------------
>
>                 Key: KNOX-933
>                 URL: https://issues.apache.org/jira/browse/KNOX-933
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: Server
>            Reporter: Larry McCay
>              Labels: KIP-7
>             Fix For: 0.13.0
>
>         Attachments: KNOX-933_master_v1.patch
>
>
> The provider creates a cookie in CaptureOriginalURLFilter.java at line 68, 
> but fails to set the HttpOnly and Secure flags to true.
> This provider is not really supported anymore and isn't even documented but 
> we should make sure that all cookies have HttpOnly and Secure flags set. We 
> should separately consider deprecating and removing this provider.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[jira] [Updated] (KNOX-933) PicketLink Provider must set Secure and HTTPOnly flags on Cookie

Reply via email to