[
https://issues.apache.org/jira/browse/KNOX-3134?focusedWorklogId=967813&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-967813
]
ASF GitHub Bot logged work on KNOX-3134:
----------------------------------------
Author: ASF GitHub Bot
Created on: 28/Apr/25 11:28
Start Date: 28/Apr/25 11:28
Worklog Time Spent: 10m
Work Description: hanicz opened a new pull request, #1029:
URL: https://github.com/apache/knox/pull/1029
## What changes were proposed in this pull request?
pac4jCsrfToken cookie Secure and HttpOnly attributes are not set
The fix is included in 5.1.5
https://www.pac4j.org/5.1.x/docs/release-notes.html
pac4j 5.x requires jdk11
https://www.pac4j.org/docs/alldocs.html
Added a new HttpServletResponseWrapper that overrides the addCookie method.
It checks for the pac4jCsrfToken cookie and sets the Secure and HttpOnly
attributes to true.
## How was this patch tested?
New unit tests
Manually tested with pac4j setup
Issue Time Tracking
-------------------
Worklog Id: (was: 967813)
Remaining Estimate: 0h
Time Spent: 10m
> pac4jCsrfToken cookie Secure and HttpOnly attributes are not set
> ----------------------------------------------------------------
>
> Key: KNOX-3134
> URL: https://issues.apache.org/jira/browse/KNOX-3134
> Project: Apache Knox
> Issue Type: Improvement
> Components: Server
> Affects Versions: 2.2.0
> Reporter: Tamás Hanicz
> Assignee: Tamás Hanicz
> Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> pac4jCsrfToken cookie Secure and HttpOnly attributes are not set
>
> The fix is included in 5.1.5
> [https://www.pac4j.org/5.1.x/docs/release-notes.html]
> pac4j 5.x requires jdk11
> [https://www.pac4j.org/docs/alldocs.html]
>
> Custom solution is required to set the attributes.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
