[jira] [Work logged] (KNOX-2946) Cookie Path Scoping doesn't work when using default topology URL

[ASF GitHub Bot (Jira)]

     [ 
https://issues.apache.org/jira/browse/KNOX-2946?focusedWorklogId=876361&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-876361
 ]

ASF GitHub Bot logged work on KNOX-2946:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 15/Aug/23 16:15
            Start Date: 15/Aug/23 16:15
    Worklog Time Spent: 10m 
      Work Description: zeroflag opened a new pull request, #786:
URL: https://github.com/apache/knox/pull/786

   ## What changes were proposed in this pull request?
   
   When cookie path scoping is enabled knox will update the Path attribute of 
the cookies with `/gateway/topology_name`.
   This doesn't work when a service is accessed via the default topology name 
(there is no `gateway/topology_name` in the url).
   
   ## How was this patch tested?
   
   Enable cookie scoping + set default topology to sandbox:
   
   ```xml
       <property>
           <name>default.app.topology.name</name>
           <value>sandbox</value>
       </property>
       <property>
           <name>gateway.scope.cookies.feature.enabled</name>
           <value>true</value>
       </property>
   ```
   
   Set service url in sandbox.xml:
   
   ```xml
       <service>
           <role>HIVE</role>
           <url>http://localhost:1701</url>
       </service>
   ```
   
   Set up a test http server:
   
   ```smalltalk
   Teapot on
       GET: '/' -> [:req |  ZnResponse noContent
        addCookie: ((ZnCookie name: 'test' value:'val') path: 
'/original/path'); 
        yourself ];
        start. 
   ```
   
   Unblock cookies in service.xml (data/services/hive/0.13.0/service.xml):
   ```xml
          <param>
               <name>responseExcludeHeaders</name>
               <value>SET-COOKIE;asdfg</value>
         </param>
   ```
   
   Cookie path is updated when using the full URL:
   
   ```
   $ curl -u admin:admin-password -k -v 
https://localhost:8443/gateway/sandbox/hive
   
   < HTTP/1.1 204 No Content
   < Set-Cookie: test=val; Path=/gateway/sandbox/original/path
   ```
   
   Cookie path is not updated when using the default URL:
   
   ```
   $ curl -u admin:admin-password -k -v https://localhost:8443/hive
   
   < HTTP/1.1 204 No Content
   < Set-Cookie: test=val; path=/original/path
   ```




Issue Time Tracking
-------------------

            Worklog Id:     (was: 876361)
    Remaining Estimate: 0h
            Time Spent: 10m

> Cookie Path Scoping doesn't work when using default topology URL
> ----------------------------------------------------------------
>
>                 Key: KNOX-2946
>                 URL: https://issues.apache.org/jira/browse/KNOX-2946
>             Project: Apache Knox
>          Issue Type: Bug
>            Reporter: Attila Magyar
>            Assignee: Attila Magyar
>            Priority: Major
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> When gateway.scope.cookies.feature.enabled is turned on, knox will update the 
> Path attribute of the Set-Cookie header to /ctxpath/topology_name/, e.g.: 
> Original:
> Set-Cookie: xxx Path = /
> Updated:
> Set-Cookie: xxx Path = /gateway/cdp-proxy
> However, when the gateway.default.app.topology.name is set to cdp-proxy, and 
> we access a service via the default topology (there is no cdp-proxy in the 
> URL) then the cookie will be blocked by the browser.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)