YARN-8868. Set HTTPOnly attribute to Cookie. Contributed by Chandni Singh.
(cherry picked from commit 2202e00ba8
)
This commit is contained in:
parent
8548864ccb
commit
0cb184d6e9
|
@ -179,10 +179,10 @@ public class Dispatcher extends HttpServlet {
|
|||
String st = devMode ? ErrorPage.toStackTrace(e, 1024 * 3) // spec: min 4KB
|
||||
: "See logs for stack trace";
|
||||
res.setStatus(res.SC_FOUND);
|
||||
Cookie cookie = new Cookie(STATUS_COOKIE, String.valueOf(500));
|
||||
Cookie cookie = createCookie(STATUS_COOKIE, String.valueOf(500));
|
||||
cookie.setPath(path);
|
||||
res.addCookie(cookie);
|
||||
cookie = new Cookie(ERROR_COOKIE, st);
|
||||
cookie = createCookie(ERROR_COOKIE, st);
|
||||
cookie.setPath(path);
|
||||
res.addCookie(cookie);
|
||||
res.setHeader("Location", path);
|
||||
|
@ -196,7 +196,7 @@ public class Dispatcher extends HttpServlet {
|
|||
public static void removeCookie(HttpServletResponse res, String name,
|
||||
String path) {
|
||||
LOG.debug("removing cookie {} on {}", name, path);
|
||||
Cookie c = new Cookie(name, "");
|
||||
Cookie c = createCookie(name, "");
|
||||
c.setMaxAge(0);
|
||||
c.setPath(path);
|
||||
res.addCookie(c);
|
||||
|
@ -249,4 +249,10 @@ public class Dispatcher extends HttpServlet {
|
|||
}
|
||||
}, 18); // enough time for the last local request to complete
|
||||
}
|
||||
|
||||
private static Cookie createCookie(String name, String val) {
|
||||
Cookie cookie = new Cookie(name, val);
|
||||
cookie.setHttpOnly(true);
|
||||
return cookie;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -271,6 +271,7 @@ public class WebAppProxyServlet extends HttpServlet {
|
|||
|
||||
private static Cookie makeCheckCookie(ApplicationId id, boolean isSet) {
|
||||
Cookie c = new Cookie(getCheckCookieName(id),String.valueOf(isSet));
|
||||
c.setHttpOnly(true);
|
||||
c.setPath(ProxyUriUtils.getPath(id));
|
||||
c.setMaxAge(60 * 60 * 2); //2 hours in seconds
|
||||
return c;
|
||||
|
|
Loading…
Reference in New Issue