[ https://issues.apache.org/jira/browse/KNOX-933?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16018566#comment-16018566 ]
Larry McCay commented on KNOX-933:
----------------------------------

I've just committed this to master, [~kpandey].
I did make one change to the patch beforehand.
The message that you added for logging started with an uppercase letter - I changed that to lowercase to be consistent with the standard.

Thank you for your contribution!

> PicketLink Provider must set Secure and HTTPOnly flags on Cookie
> ----------------------------------------------------------------
>
> Key: KNOX-933
> URL: https://issues.apache.org/jira/browse/KNOX-933
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Reporter: Larry McCay
> Assignee: Krishna Pandey
> Labels: KIP-7
> Fix For: 0.13.0
>
> Attachments: KNOX-933_master_v1.patch, KNOX-933_master_v2.patch
>
>
> The provider creates a cookie in CaptureOriginalURLFilter.java at line 68,
> but fails to set the HttpOnly and Secure flags to true.
> This provider is not really supported anymore and isn't even documented but
> we should make sure that all cookies have HttpOnly and Secure flags set. We
> should separately consider deprecating and removing this provider.

--
This message was sent by Atlassian JIRA (v6.3.15#6346)