[ 
https://issues.apache.org/jira/browse/KNOX-933?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16018566#comment-16018566
 ] 

Larry McCay commented on KNOX-933:
----------------------------------

I've just committed this to master, [~kpandey].
I did make one change to the patch beforehand.
The message that you added for logging started with an uppercase letter - I 
changed that to lowercase to be consistent with the standard.

Thank you for your contribution!

> PicketLink Provider must set Secure and HTTPOnly flags on Cookie
> ----------------------------------------------------------------
>
>                 Key: KNOX-933
>                 URL: https://issues.apache.org/jira/browse/KNOX-933
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: Server
>            Reporter: Larry McCay
>            Assignee: Krishna Pandey
>              Labels: KIP-7
>             Fix For: 0.13.0
>
>         Attachments: KNOX-933_master_v1.patch, KNOX-933_master_v2.patch
>
>
> The provider creates a cookie in CaptureOriginalURLFilter.java at line 68, 
> but fails to set the HttpOnly and Secure flags to true.
> This provider is not really supported anymore and isn't even documented but 
> we should make sure that all cookies have HttpOnly and Secure flags set. We 
> should separately consider deprecating and removing this provider.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
