[
https://issues.apache.org/jira/browse/NIFI-9060?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17419480#comment-17419480
]
ASF subversion and git services commented on NIFI-9060:
-------------------------------------------------------
Commit 84dbf915a9b55100ad631305fa5f1b86e578a0b8 in nifi's branch
refs/heads/main from David Handermann
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=84dbf91 ]
NIFI-9060 Refactored HTTP Cookie Path Handling
- Implemented ApplicationCookieService for adding and retrieving HTTP Cookies
- Added getCookieResourceUri() leveraging allowed proxy headers to support
optional Cookie Paths
- Refactored Access Resources to use ApplicationCookieService for processing
- Changed __Host- prefix to __Secure- prefix for Bearer Token cookie to support
Cookie Path processing
- Removed unnecessary jetty-http dependency from nifi-web-api
- Corrected NiFi path references in JavaScript to support prefixed paths
Signed-off-by: Nathan Gough <[email protected]>
This closes #5329.
> HTTP Cookie Paths ignore Proxy Context Path Headers
> ---------------------------------------------------
>
> Key: NIFI-9060
> URL: https://issues.apache.org/jira/browse/NIFI-9060
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework, Security
> Affects Versions: 1.14.0, 1.15.0
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Minor
> Labels: security
> Time Spent: 1.5h
> Remaining Estimate: 0h
>
> HTTP cookies that NiFi uses for authentication have hard-coded paths set to
> forward-slash. This is acceptable for deployments where clients have direct
> access to NiFi, or when a reverse proxy does not rewrite the context path. In
> deployments where a reverse proxy performs URL rewriting, NiFi should set
> cookie path based on proxy HTTP headers. NiFi WebUtils includes methods to
> determine the context path based on supported proxy headers, which should be
> used to set the paths for HTTP cookies.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
