[
https://issues.apache.org/jira/browse/KNOX-3134?focusedWorklogId=967847&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-967847
]
ASF GitHub Bot logged work on KNOX-3134:
----------------------------------------
Author: ASF GitHub Bot
Created on: 28/Apr/25 14:34
Start Date: 28/Apr/25 14:34
Worklog Time Spent: 10m
Work Description: hanicz commented on PR #1029:
URL: https://github.com/apache/knox/pull/1029#issuecomment-2835461489
> Looks good. My only note is do we have a usecase where this needs to be
false? i.e. when we are not using https, what happens then does it break? There
could be cases where users might not want to use https.
We might have such usecase. I can check the SSL enabled gateway config and
only add the secure attribute if it is set to true.
Issue Time Tracking
-------------------
Worklog Id: (was: 967847)
Time Spent: 20m (was: 10m)
> pac4jCsrfToken cookie Secure and HttpOnly attributes are not set
> ----------------------------------------------------------------
>
> Key: KNOX-3134
> URL: https://issues.apache.org/jira/browse/KNOX-3134
> Project: Apache Knox
> Issue Type: Improvement
> Components: Server
> Affects Versions: 2.2.0
> Reporter: Tamás Hanicz
> Assignee: Tamás Hanicz
> Priority: Major
> Time Spent: 20m
> Remaining Estimate: 0h
>
> pac4jCsrfToken cookie Secure and HttpOnly attributes are not set
>
> The fix is included in 5.1.5
> [https://www.pac4j.org/5.1.x/docs/release-notes.html]
> pac4j 5.x requires jdk11
> [https://www.pac4j.org/docs/alldocs.html]
>
> Custom solution is required to set the attributes.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
