[jira] [Commented] (NIFI-10595) Merged Set-Cookie Values

Wed, 05 Oct 2022 15:06:07 -0700 


    [ 
https://issues.apache.org/jira/browse/NIFI-10595?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17613242#comment-17613242
 ] 

Nathan Gough commented on NIFI-10595:
-------------------------------------

Hi Michael, could we please have more details on what you're trying to achieve, 
and what specifically the issue is when the cookie is merged? What error are 
you seeing on the application side?

My understanding is that you're trying to do the following:
 # An application makes a request to NiFi (HandleHTTPRequest) it responds with 
two Set-Cookie headers
 # The cookies are implicitly merged by NiFi
 # You are unable to respond to the application using HandleHTTPResponse 
because the cookie headers are merged, and there's no way to set these headers 
separately again as shown in duplicate.jpg

> Merged Set-Cookie Values
> ------------------------
>
>                 Key: NIFI-10595
>                 URL: https://issues.apache.org/jira/browse/NIFI-10595
>             Project: Apache NiFi
>          Issue Type: Wish
>          Components: Core Framework
>    Affects Versions: 1.17.0
>         Environment: docker pull nifi
> Running in docker environment
> DefectDojo-> NiFi -> Jira
>            Reporter: michael endrizzi
>            Priority: Critical
>         Attachments: cookie.jpg, duplicate.jpg
>
>
> App A generates multiple Set-Cookie attributes
>  
> Set-Cookie: JSESSIONID=332A0702B579B2C2E978F156CA2D2CA2; Path=/; HttpOnly
> X-Seraph-LoginReason: OK
> Set-Cookie: 
> atlassian.xsrf.token=BG2A-03LA-WE1W-P6YO_eb6999a3eeebf8ac3daa9d048e5434f70636849f_lin;
>  Path=/
>  
> and NiFi merges the cookie values into a single line
>  
> Set-Cookie: JSESSIONID=332A0702B579B2C2E978F156CA2D2CA2; Path=/; HttpOnly, 
> atlassian.xsrf.token=BG2A-03LA-WE1W-P6YO_eb6999a3eeebf8ac3daa9d048e5434f70636849f_lin;
>  Path=/
>  
> Unfortunately, applications do not all like this format. Seems to violate 
> standards:
> https://httpd.apache.org/docs/2.0/misc/known_client_problems.html#cookie-merge
>  
> In addition, NiFi does not allow you to manually add a second duplicate 
> header (see attached)
>  
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to