[
https://issues.apache.org/jira/browse/KNOX-933?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16011780#comment-16011780
]
Krishna Pandey commented on KNOX-933:
-------------------------------------
[~lmccay] Thanks for pointing that out and I completely agree with above
observation. Please find attached the new patch(KNOX-933_master_v2.patch) with
suggested changes and review the same.
> PicketLink Provider must set Secure and HTTPOnly flags on Cookie
> ----------------------------------------------------------------
>
> Key: KNOX-933
> URL: https://issues.apache.org/jira/browse/KNOX-933
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Reporter: Larry McCay
> Assignee: Krishna Pandey
> Labels: KIP-7
> Fix For: 0.13.0
>
> Attachments: KNOX-933_master_v1.patch
>
>
> The provider creates a cookie in CaptureOriginalURLFilter.java at line 68,
> but fails to set the HttpOnly and Secure flags to true.
> This provider is not really supported anymore and isn't even documented but
> we should make sure that all cookies have HttpOnly and Secure flags set. We
> should separately consider deprecating and removing this provider.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
