[jira] [Updated] (KNOX-933) PicketLink Provider must set Secure and HTTPOnly flags on Cookie

2017-05-20 Thread Larry McCay (JIRA)

[ https://issues.apache.org/jira/browse/KNOX-933?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Larry McCay updated KNOX-933:

Resolution: Fixed
Status: Resolved (was: Patch Available)

> PicketLink Provider must set Secure and HTTPOnly flags on Cookie
>
> Key: KNOX-933
> URL: https://issues.apache.org/jira/browse/KNOX-933
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Reporter: Larry McCay
> Assignee: Krishna Pandey
> Labels: KIP-7
> Fix For: 0.13.0
>
> Attachments: KNOX-933_master_v1.patch, KNOX-933_master_v2.patch
>
> The provider creates a cookie in CaptureOriginalURLFilter.java at line 68, 
> but fails to set the HttpOnly and Secure flags to true.
> This provider is not really supported anymore and isn't even documented but 
> we should make sure that all cookies have HttpOnly and Secure flags set. We 
> should separately consider deprecating and removing this provider.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
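
One way to run the check the issue asks for (that all cookies carry the HttpOnly and Secure flags), as an added example that is not part of the original thread or of Knox's code: it inspects `Set-Cookie` response headers and reports each cookie missing either flag. The cookie names and header values are constructed placeholders.

```python
# Added example: audit Set-Cookie response headers for Secure and HttpOnly.
# All header values and cookie names below are constructed samples.
REQUIRED_FLAGS = ("secure", "httponly")


def parse_set_cookie(value):
    """Return (cookie_name, attribute_names) for one Set-Cookie header value."""
    # RFC 6265: the first ';'-separated part is name=value, the rest are attributes.
    parts = value.split(";")
    name = parts[0].split("=", 1)[0].strip()
    # Attribute names are case-insensitive; compare on the name only so a
    # cookie *value* containing "secure" is never mistaken for the flag.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
    attrs.discard("")  # tolerate a trailing ';'
    return name, attrs


def audit_response(headers):
    """Map cookie name -> missing flags for each non-compliant Set-Cookie.

    `headers` is a list of (name, value) pairs: a response can carry several
    Set-Cookie headers, and they must be checked one by one.
    """
    findings = {}
    for header_name, value in headers:
        if header_name.lower() != "set-cookie":
            continue
        cookie_name, attrs = parse_set_cookie(value)
        missing = [flag for flag in REQUIRED_FLAGS if flag not in attrs]
        if missing:
            findings[cookie_name] = missing
    return findings


# Constructed sample response headers (not captured from Knox).
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "example-url=/gateway/page; Path=/"),
    ("Set-Cookie", "example-session=abc123; Path=/; secure; HTTPONLY"),
    ("Set-Cookie", "example-pref=secure-httponly; HttpOnly"),
]

if __name__ == "__main__":
    for cookie, missing in audit_response(SAMPLE_HEADERS).items():
        print(f"{cookie}: missing {', '.join(missing)}")
```
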


[jira] [Updated] (KNOX-933) PicketLink Provider must set Secure and HTTPOnly flags on Cookie

2017-05-16 Thread Larry McCay (JIRA)


Larry McCay updated KNOX-933:

Status: Patch Available (was: Open)



[jira] [Updated] (KNOX-933) PicketLink Provider must set Secure and HTTPOnly flags on Cookie

2017-05-15 Thread Krishna Pandey (JIRA)


Krishna Pandey updated KNOX-933:

Attachment: KNOX-933_master_v2.patch



[jira] [Updated] (KNOX-933) PicketLink Provider must set Secure and HTTPOnly flags on Cookie

2017-05-11 Thread Krishna Pandey (JIRA)


Krishna Pandey updated KNOX-933:

Attachment: KNOX-933_master_v1.patch

Attaching patch.

> PicketLink Provider must set Secure and HTTPOnly flags on Cookie
>
> Key: KNOX-933
> URL: https://issues.apache.org/jira/browse/KNOX-933
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Reporter: Larry McCay
> Labels: KIP-7
> Fix For: 0.13.0
>
> Attachments: KNOX-933_master_v1.patch
>
> The provider creates a cookie in CaptureOriginalURLFilter.java at line 68, 
> but fails to set the HttpOnly and Secure flags to true.
> This provider is not really supported anymore and isn't even documented but 
> we should make sure that all cookies have HttpOnly and Secure flags set. We 
> should separately consider deprecating and removing this provider.


