Github user prabhjyotsingh commented on the issue:
https://github.com/apache/zeppelin/pull/2550
Merging this to master and branch-0.7 if no more discussion.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project
Github user Leemoonsoo commented on the issue:
https://github.com/apache/zeppelin/pull/2550
LGTM
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the
Github user krishna-pandey commented on the issue:
https://github.com/apache/zeppelin/pull/2550
LGTM!
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or
Github user VipinRathor commented on the issue:
https://github.com/apache/zeppelin/pull/2550
@felixcheung Thanks for reviewing. Zeppelin, by default, should set
'HttpOnly' flag for all session cookies as security measure against XSS
attacks. That's why we have decided to include that
Github user krishna-pandey commented on the issue:
https://github.com/apache/zeppelin/pull/2550
@VipinRathor Also, I think it will be a good idea to mention an one-liner
in the shiro.ini.template "Enable 'cookie.secure = true' only when Zeppelin is
running on HTTPS" or something