Uploaded image for project: 'Apache Knox'
  1. Apache Knox
  2. KNOX-933

PicketLink Provider must set Secure and HTTPOnly flags on Cookie

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 0.13.0
    • Server

    Description

      The provider creates a cookie in CaptureOriginalURLFilter.java at line 68, but fails to set the HttpOnly and Secure flags to true.

      This provider is not really supported anymore and isn't even documented but we should make sure that all cookies have HttpOnly and Secure flags set. We should separately consider deprecating and removing this provider.

      Attachments

        1. KNOX-933_master_v2.patch
          4 kB
          Krishna Pandey
        2. KNOX-933_master_v1.patch
          1 kB
          Krishna Pandey

        Activity

          People

            kpandey Krishna Pandey
            lmccay Larry McCay
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: