lmccay commented on PR #1264: URL: https://github.com/apache/knox/pull/1264#issuecomment-4709248458
> @lmccay made a point: cookie size can be an issue. > > Modern browsers support cookies up to 4K: Which opens the following question: shall we include groups only, and only if, when the cummulated cookie size doesn't exceed 4K? Well, it isn't really clear to me where those groups are even going to be used and what authorization check will see them. Are we going to change JWTFederationFilter to extract them from the token and set them as GroupPrincipals? Depending on the specific need, we may be able to handle this in another way. We already have the ability to add a header for groups to a dispatched request, if this usecase in question here is for a proxied service that wants to get groups from Knox. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
