[
https://issues.apache.org/jira/browse/KNOX-2015?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16934385#comment-16934385
]
Sandor Molnar commented on KNOX-2015:
-------------------------------------
[~smore] - as far as I understood you can, currently, either exclude the
{{SET-COOKIE}} header entirely (as well as any other request/response header)
or include it in the outbound response by invoking
\{{ConfigurableDispatch.setResponseExcludeHeaders}} with the appropriate
{{Set}}. What you want is to provide a mean that certain {{SET-COOKIE}} headers
are excluded but some of them are not. Right?
For instance:
* let say the following header is set in the inbound response : {{Set-Cookie:
Domain=<domain-value>; Secure; HttpOnly}}
* as of now, you can configure Knox to exclude all of these (in fact the
default setting is to exclude the {{SET-COOKIE}} header)
* however, one may want to configure Knox to exclude only the
{{Domain=<domain-value>}} name/value pair going forward -> the outbound
response header will still contain {{Set-Cookie: Secure; HttpOnly}}
Is my interpretation correct?
> Need the ability to blacklist certain cookies with ConfigurableDispatch
> -----------------------------------------------------------------------
>
> Key: KNOX-2015
> URL: https://issues.apache.org/jira/browse/KNOX-2015
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Reporter: Sandeep More
> Assignee: Sandor Molnar
> Priority: Major
> Fix For: 1.4.0
>
>
> With ConfigurableDispatch we can prevent cookies from setting, currently it
> is all or none, we need to be able to specify what cookies to avoid getting
> set.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
