hanicz opened a new pull request, #1029:
URL: https://github.com/apache/knox/pull/1029

   ## What changes were proposed in this pull request?
   
   pac4jCsrfToken cookie Secure and HttpOnly attributes are not set
   
   The fix is included in 5.1.5
   https://www.pac4j.org/5.1.x/docs/release-notes.html
   
   pac4j 5.x requires jdk11
   https://www.pac4j.org/docs/alldocs.html
   
   Added a new HttpServletResponseWrapper that overrides the addCookie method. It checks for the pac4jCsrfToken cookie and sets the Secure and HttpOnly attributes to true.
   
   ## How was this patch tested?
   
   New unit tests
   Manually tested with pac4j setup
   
![image](https://github.com/user-attachments/assets/42fc95c3-d1e8-4d07-900b-5c8a63bf132c)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

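The wrapper approach described in the pull request, sketched as an added example (this is not the code from the pull request or from Knox). The class name `CsrfCookieHardeningResponse` is hypothetical, and the sketch assumes the `javax.servlet` API 3.0 or later on the classpath; the `main` method uses a constructed proxy in place of a real container response.

```java
import java.lang.reflect.Proxy;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;

// Hypothetical class name; not the class added by the pull request.
public class CsrfCookieHardeningResponse extends HttpServletResponseWrapper {
    // Cookie name taken from the pull request description.
    static final String CSRF_COOKIE = "pac4jCsrfToken";

    public CsrfCookieHardeningResponse(HttpServletResponse response) {
        super(response);
    }

    @Override
    public void addCookie(Cookie cookie) {
        // Only the CSRF cookie is changed; other cookies keep the flags their issuer chose.
        if (cookie != null && CSRF_COOKIE.equals(cookie.getName())) {
            cookie.setSecure(true);   // sent over HTTPS only
            cookie.setHttpOnly(true); // not readable from page scripts
        }
        super.addCookie(cookie);
    }

    public static void main(String[] args) {
        List<Cookie> sent = new ArrayList<>();
        // Constructed stand-in for the container's response: it records addCookie calls only.
        HttpServletResponse stub = (HttpServletResponse) Proxy.newProxyInstance(
            HttpServletResponse.class.getClassLoader(),
            new Class<?>[] {HttpServletResponse.class},
            (proxy, method, margs) -> {
                if ("addCookie".equals(method.getName())) {
                    sent.add((Cookie) margs[0]);
                }
                return null;
            });
        HttpServletResponse wrapped = new CsrfCookieHardeningResponse(stub);
        // Constructed sample cookies: one CSRF cookie, one unrelated cookie.
        wrapped.addCookie(new Cookie(CSRF_COOKIE, "constructed-value"));
        wrapped.addCookie(new Cookie("other", "constructed-value"));
        for (Cookie c : sent) {
            System.out.println(c.getName() + " Secure=" + c.getSecure()
                + " HttpOnly=" + c.isHttpOnly());
        }
    }
}
```

A wrapper of this kind only sees cookies that pass through `addCookie`; a cookie written directly as a `Set-Cookie` header with `addHeader` or `setHeader` is not affected by it.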