This is an automated email from the ASF dual-hosted git repository. jkevan pushed a commit to branch profileCookieLax in repository https://gitbox.apache.org/repos/asf/unomi.git
commit cba088e49ec42adcf4f79d513b7c9efaa0e67861
Author: Kevan <[email protected]>
AuthorDate: Tue Nov 3 11:51:06 2020 +0100
UNOMI-391: provide SameSite=Lax configuration on profile id cookie
---
 .../baseplugin/actions/MergeProfilesOnPropertyAction.java | 13 ++++++-------
 wab/src/main/java/org/apache/unomi/web/HttpUtils.java | 14 +++++++-------
 2 files changed, 13 insertions(+), 14 deletions(-)
diff --git a/plugins/baseplugin/src/main/java/org/apache/unomi/plugins/baseplugin/actions/MergeProfilesOnPropertyAction.java b/plugins/baseplugin/src/main/java/org/apache/unomi/plugins/baseplugin/actions/MergeProfilesOnPropertyAction.java
index da92a24..8200985 100644
--- a/plugins/baseplugin/src/main/java/org/apache/unomi/plugins/baseplugin/actions/MergeProfilesOnPropertyAction.java
+++ b/plugins/baseplugin/src/main/java/org/apache/unomi/plugins/baseplugin/actions/MergeProfilesOnPropertyAction.java
@@ -206,13 +206,12 @@ public class MergeProfilesOnPropertyAction implements ActionExecutor {
 if (response instanceof HttpServletResponse) {
 HttpServletResponse httpServletResponse = (HttpServletResponse) response;
 if (!(profile instanceof Persona)) {
- Cookie profileIdCookie = new Cookie(profileIdCookieName, profile.getItemId());
- profileIdCookie.setPath("/");
- if (profileIdCookieDomain != null && !profileIdCookieDomain.equals("")) {
- profileIdCookie.setDomain(profileIdCookieDomain);
- }
- profileIdCookie.setMaxAge(cookieAgeInSeconds);
- httpServletResponse.addCookie(profileIdCookie);
+ httpServletResponse.addHeader("Set-Cookie",
+ profileIdCookieName + "=" + profile.getItemId() +
+ "; Path=/" +
+ "; Max-Age=" + cookieAgeInSeconds +
+ (StringUtils.isNotBlank(profileIdCookieDomain) ? ("; Domain=" + profileIdCookieDomain) : "") +
+ "; SameSite=Lax");
 }
 }
 }
diff --git a/wab/src/main/java/org/apache/unomi/web/HttpUtils.java b/wab/src/main/java/org/apache/unomi/web/HttpUtils.java
index 6837c0d..a6c34a3 100644
--- a/wab/src/main/java/org/apache/unomi/web/HttpUtils.java
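Review bot: The hand-built `Set-Cookie` value in the `@@ -206,13 +206,12 @@` hunk concatenates `profileIdCookieName`, `profile.getItemId()` and `profileIdCookieDomain` with no validation, so the checks on the removed `javax.servlet.http.Cookie` path (the constructor rejects illegal names, and the container typically quotes or rejects illegal values) no longer run. Where the profile id originates is not visible here; if it can ever carry `;`, `,`, whitespace or CR/LF, it could append cookie attributes or corrupt the header. Check the id before writing the header and skip or regenerate it on mismatch, for example `profile.getItemId().matches("[A-Za-z0-9._-]+")` as a constructed pattern to be adjusted to the project's real id format. The identical expression in the `HttpUtils.java` hunk (`@@ -117,13 +118,12 @@`) needs the same guard. The enclosing method starts and ends outside the hunk.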
+++ b/wab/src/main/java/org/apache/unomi/web/HttpUtils.java
@@ -17,6 +17,7 @@ package org.apache.unomi.web;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.unomi.api.Persona;
 import org.apache.unomi.api.Profile;
@@ -117,13 +118,12 @@ public class HttpUtils {
 if (response instanceof HttpServletResponse) {
 HttpServletResponse httpServletResponse = (HttpServletResponse) response;
 if (!(profile instanceof Persona)) {
- Cookie profileIdCookie = new Cookie(profileIdCookieName, profile.getItemId());
- profileIdCookie.setPath("/");
- if (profileIdCookieDomain != null && !profileIdCookieDomain.equals("")) {
- profileIdCookie.setDomain(profileIdCookieDomain);
- }
- profileIdCookie.setMaxAge(profileIdCookieMaxAgeInSeconds);
- httpServletResponse.addCookie(profileIdCookie);
+ httpServletResponse.addHeader("Set-Cookie",
+ profileIdCookieName + "=" + profile.getItemId() +
+ "; Path=/" +
+ "; Max-Age=" + profileIdCookieMaxAgeInSeconds +
+ (StringUtils.isNotBlank(profileIdCookieDomain) ? ("; Domain=" + profileIdCookieDomain) : "") +
+ "; SameSite=Lax");
 }
 }
 }
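Review bot: The cookie written in the `@@ -117,13 +118,12 @@` hunk still carries neither `Secure` nor `HttpOnly`, and with the header now assembled by hand each is a one-token addition next to `"; SameSite=Lax"`. Whether they fit depends on things the hunk does not show: `"; Secure"` is only right when the deployment is HTTPS-only, and `"; HttpOnly"` only when no client-side script reads the profile id. The attribute string is also duplicated character for character in `MergeProfilesOnPropertyAction`, so a single shared helper would stop the two copies from drifting apart. A one-line comment such as `// javax.servlet Cookie has no SameSite setter, so the header is written directly` would explain why `addCookie` was dropped. The enclosing method continues outside the hunk.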
