[ https://issues.apache.org/jira/browse/KNOX-933?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16018563#comment-16018563 ]
ASF subversion and git services commented on KNOX-933:
------------------------------------------------------
Commit 8c1c94b9e81d5a624075448be75702ffa08e40c5 in knox's branch
refs/heads/master from [~lmccay]
[ https://git-wip-us.apache.org/repos/asf?p=knox.git;h=8c1c94b ]
KNOX-933 - PicketLink Provider must set Secure and HTTPOnly flags on Cookie
(Krishna Pandey via lmccay)
> PicketLink Provider must set Secure and HTTPOnly flags on Cookie
> ----------------------------------------------------------------
>
> Key: KNOX-933
> URL: https://issues.apache.org/jira/browse/KNOX-933
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Reporter: Larry McCay
> Assignee: Krishna Pandey
> Labels: KIP-7
> Fix For: 0.13.0
>
> Attachments: KNOX-933_master_v1.patch, KNOX-933_master_v2.patch
>
>
> The provider creates a cookie in CaptureOriginalURLFilter.java at line 68,
> but fails to set the HttpOnly and Secure flags to true.
> This provider is not really supported anymore and isn't even documented but
> we should make sure that all cookies have HttpOnly and Secure flags set. We
> should separately consider deprecating and removing this provider.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
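
An added example (not part of the original message and not Knox code) of a check for the condition the issue describes: it scans a response's Set-Cookie headers and reports every cookie that lacks Secure or HttpOnly. The cookie names and header values are constructed samples, and the function names are hypothetical.

```python
"""Audit Set-Cookie response headers for the Secure and HttpOnly attributes."""

REQUIRED_FLAGS = ("secure", "httponly")


def parse_set_cookie(value):
    """Split one Set-Cookie header value into (cookie name, attribute-name set).

    Per RFC 6265 the first ';'-separated part is the name=value pair and every
    later part is an attribute whose name is matched case-insensitively.
    """
    parts = value.split(";")
    name = parts[0].split("=", 1)[0].strip()
    attrs = set()
    for part in parts[1:]:
        attr_name = part.split("=", 1)[0].strip().lower()
        if attr_name:
            attrs.add(attr_name)
    return name, attrs


def missing_flags(headers):
    """Return {cookie name: [missing flags]} for cookies lacking a required flag.

    `headers` is a list of (header name, header value) pairs from one response.
    """
    findings = {}
    for header_name, header_value in headers:
        if header_name.strip().lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(header_value)
        missing = [flag for flag in REQUIRED_FLAGS if flag not in attrs]
        if missing:
            findings[name] = missing
    return findings


# Constructed sample response headers (not captured from a real Knox instance).
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "cookie-a=abc; Path=/gateway"),             # neither flag set
    ("set-cookie", "cookie-b=Secure; Path=/; HttpOnly"),       # "Secure" is only the value
    ("Set-Cookie", "cookie-c=xyz; Path=/; SECURE; httponly"),  # both flags, mixed case
    ("Set-Cookie", "cookie-d=1; Expires=Wed, 09 Jun 2027 10:18:14 GMT; Secure"),
]

if __name__ == "__main__":
    for cookie, flags in missing_flags(SAMPLE_HEADERS).items():
        print(f"{cookie}: missing {', '.join(flags)}")
```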