Larry McCay created KNOX-933:
--------------------------------
Summary: PicketLink Provider must set Secure and HTTPOnly flags on Cookie
Key: KNOX-933
URL: https://issues.apache.org/jira/browse/KNOX-933
Project: Apache Knox
Issue Type: Bug
Components: Server
Reporter: Larry McCay
Fix For: 0.13.0

The provider creates a cookie in CaptureOriginalURLFilter.java at line 68, but
fails to set the HttpOnly and Secure flags to true.

This provider is not really supported anymore and isn't even documented but we
should make sure that all cookies have HttpOnly and Secure flags set. We should
separately consider deprecating and removing this provider.
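
The check the issue asks for ("all cookies have HttpOnly and Secure flags set") can be run against response headers. The following is an added example, not part of the original issue or of Knox's code: it parses Set-Cookie values and reports which required flags are missing, without being fooled by the flag names appearing inside a cookie's value. The cookie names and header values are constructed samples.

```python
# Added example: audit Set-Cookie headers for missing Secure/HttpOnly flags.
# Header values below are constructed samples, not captured Knox traffic.

REQUIRED_FLAGS = ("secure", "httponly")


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, set of lowercased attribute names)."""
    parts = header_value.split(";")
    # The first segment is always name=value; it is never an attribute,
    # even if the name or value happens to contain "secure" or "httponly".
    name = parts[0].split("=", 1)[0].strip()
    attributes = set()
    for segment in parts[1:]:
        attr_name = segment.split("=", 1)[0].strip().lower()
        if attr_name:
            attributes.add(attr_name)
    return name, attributes


def missing_flags(header_value):
    """Return the required flags absent from one Set-Cookie value, in fixed order."""
    _, attributes = parse_set_cookie(header_value)
    return [flag for flag in REQUIRED_FLAGS if flag not in attributes]


def audit(header_values):
    """Map cookie name -> missing flags, for cookies that lack at least one."""
    findings = {}
    for value in header_values:
        name, _ = parse_set_cookie(value)
        gaps = missing_flags(value)
        if gaps:
            findings[name] = gaps
    return findings


# Constructed sample responses (hypothetical cookie names).
SAMPLE_HEADERS = [
    "example-original-url=https%3A%2F%2Fhost%2Fpath; Path=/",
    "example-session=abc123; Path=/; Secure; HttpOnly",
    "example-pref=httponly-secure; Path=/; SECURE",
    "example-token=xyz; httponly; Max-Age=3600",
]

if __name__ == "__main__":
    for cookie, gaps in audit(SAMPLE_HEADERS).items():
        print(f"{cookie}: missing {', '.join(gaps)}")
```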