This is an automated email from the ASF dual-hosted git repository.

jkevan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/unomi.git


The following commit(s) were added to refs/heads/master by this push:
     new f239e5a  UNOMI-391: provide SameSite=Lax configuration on profile id 
cookie (#209)
f239e5a is described below

commit f239e5ae12da8039b8a7c3ad04ae057cc022d03b
Author: kevan Jahanshahi <[email protected]>
AuthorDate: Tue Nov 3 12:07:18 2020 +0100

    UNOMI-391: provide SameSite=Lax configuration on profile id cookie (#209)
---
 .../baseplugin/actions/MergeProfilesOnPropertyAction.java  | 13 ++++++-------
 wab/src/main/java/org/apache/unomi/web/HttpUtils.java      | 14 +++++++-------
 2 files changed, 13 insertions(+), 14 deletions(-)

diff --git 
a/plugins/baseplugin/src/main/java/org/apache/unomi/plugins/baseplugin/actions/MergeProfilesOnPropertyAction.java
 
b/plugins/baseplugin/src/main/java/org/apache/unomi/plugins/baseplugin/actions/MergeProfilesOnPropertyAction.java
index e8c975b..a496ddb 100644
--- 
a/plugins/baseplugin/src/main/java/org/apache/unomi/plugins/baseplugin/actions/MergeProfilesOnPropertyAction.java
+++ 
b/plugins/baseplugin/src/main/java/org/apache/unomi/plugins/baseplugin/actions/MergeProfilesOnPropertyAction.java
@@ -213,13 +213,12 @@ public class MergeProfilesOnPropertyAction implements 
ActionExecutor {
         if (response instanceof HttpServletResponse) {
             HttpServletResponse httpServletResponse = (HttpServletResponse) 
response;
             if (!(profile instanceof Persona)) {
-                Cookie profileIdCookie = new Cookie(profileIdCookieName, 
profile.getItemId());
-                profileIdCookie.setPath("/");
-                if (profileIdCookieDomain != null && 
!profileIdCookieDomain.equals("")) {
-                    profileIdCookie.setDomain(profileIdCookieDomain);
-                }
-                profileIdCookie.setMaxAge(cookieAgeInSeconds);
-                httpServletResponse.addCookie(profileIdCookie);
+                httpServletResponse.addHeader("Set-Cookie",
+                        profileIdCookieName + "=" + profile.getItemId() +
+                                "; Path=/" +
+                                "; Max-Age=" + cookieAgeInSeconds +
+                                (StringUtils.isNotBlank(profileIdCookieDomain) 
? ("; Domain=" + profileIdCookieDomain) : "")  +
+                                "; SameSite=Lax");
             }
         }
     }
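Review bot: The hand-built `Set-Cookie` value in the `addHeader` call concatenates `profile.getItemId()` and `profileIdCookieDomain` without any validation or encoding, so a `;`, `,`, whitespace or CR/LF in either would add or alter cookie attributes (or split the header, if the container does not reject line breaks). The removed `javax.servlet.http.Cookie` path left serialization to the container; writing the header by hand moves that responsibility into this code. Where the profile id originates is not visible in this hunk, so treat it as untrusted and guard before the call, for example `if (StringUtils.containsAny(profile.getItemId(), ";,\r\n ")) { return; }`, or restrict it to the id format the project actually issues. The same construction appears in the `HttpUtils` hunk of this commit and needs the same guard. The enclosing method starts outside this hunk, and the `StringUtils` import for this file is not shown here, so confirm it is already present.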
diff --git a/wab/src/main/java/org/apache/unomi/web/HttpUtils.java 
b/wab/src/main/java/org/apache/unomi/web/HttpUtils.java
index 6837c0d..a6c34a3 100644
--- a/wab/src/main/java/org/apache/unomi/web/HttpUtils.java
+++ b/wab/src/main/java/org/apache/unomi/web/HttpUtils.java
@@ -17,6 +17,7 @@
 
 package org.apache.unomi.web;
 
+import org.apache.commons.lang3.StringUtils;
 import org.apache.unomi.api.Persona;
 import org.apache.unomi.api.Profile;
 
@@ -117,13 +118,12 @@ public class HttpUtils {
         if (response instanceof HttpServletResponse) {
             HttpServletResponse httpServletResponse = (HttpServletResponse) 
response;
             if (!(profile instanceof Persona)) {
-                Cookie profileIdCookie = new Cookie(profileIdCookieName, 
profile.getItemId());
-                profileIdCookie.setPath("/");
-                if (profileIdCookieDomain != null && 
!profileIdCookieDomain.equals("")) {
-                    profileIdCookie.setDomain(profileIdCookieDomain);
-                }
-                profileIdCookie.setMaxAge(profileIdCookieMaxAgeInSeconds);
-                httpServletResponse.addCookie(profileIdCookie);
+                httpServletResponse.addHeader("Set-Cookie",
+                        profileIdCookieName + "=" + profile.getItemId() +
+                                "; Path=/" +
+                                "; Max-Age=" + profileIdCookieMaxAgeInSeconds +
+                                (StringUtils.isNotBlank(profileIdCookieDomain) 
? ("; Domain=" + profileIdCookieDomain) : "")  +
+                                "; SameSite=Lax");
             }
         }
     }
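Review bot: The cookie string built here sets `Path`, `Max-Age`, an optional `Domain` and `SameSite=Lax`, but never `Secure` or `HttpOnly`, and the `SameSite` value is a literal rather than something an operator can configure as the commit title suggests. The removed code did not set those flags either, so this is not a regression, but building the header by hand makes them easy to add. For HTTPS deployments I would append `"; Secure"`, and `"; HttpOnly"` if no client-side script needs to read the profile id, which is not visible from this hunk. Since `MergeProfilesOnPropertyAction` builds the identical string, a single shared helper would keep the two copies from drifting if the module layout allows it. The enclosing method starts outside this hunk.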
