From 0cb184d6e99009a39f5e428b654d05be809b5392 Mon Sep 17 00:00:00 2001
From: Sunil G
Date: Thu, 18 Oct 2018 15:22:50 +0530
Subject: [PATCH] YARN-8868. Set HTTPOnly attribute to Cookie. Contributed by Chandni Singh.
(cherry picked from commit 2202e00ba8a44ad70f0a90e6c519257e3ae56a36)
---
 .../org/apache/hadoop/yarn/webapp/Dispatcher.java | 12 +++++++++---
 .../yarn/server/webproxy/WebAppProxyServlet.java | 1 +
 2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java
index d519dbb4c0d..4d54b6a823b 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java
@@ -179,10 +179,10 @@ public class Dispatcher extends HttpServlet {
 String st = devMode ? ErrorPage.toStackTrace(e, 1024 * 3) // spec: min 4KB
 : "See logs for stack trace";
 res.setStatus(res.SC_FOUND);
- Cookie cookie = new Cookie(STATUS_COOKIE, String.valueOf(500));
+ Cookie cookie = createCookie(STATUS_COOKIE, String.valueOf(500));
 cookie.setPath(path);
 res.addCookie(cookie);
- cookie = new Cookie(ERROR_COOKIE, st);
+ cookie = createCookie(ERROR_COOKIE, st);
 cookie.setPath(path);
 res.addCookie(cookie);
 res.setHeader("Location", path);
@@ -196,7 +196,7 @@ public class Dispatcher extends HttpServlet {
 public static void removeCookie(HttpServletResponse res, String name, String path) {
 LOG.debug("removing cookie {} on {}", name, path);
- Cookie c = new Cookie(name, "");
+ Cookie c = createCookie(name, "");
 c.setMaxAge(0);
 c.setPath(path);
 res.addCookie(c);
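Review bot: The `createCookie(ERROR_COOKIE, st)` call in the first Dispatcher.java hunk still places up to 3 KB of stack-trace text in a client-side cookie whenever `devMode` is true. HttpOnly hides that value from page scripts only, not from the browser user or from anything that records response headers. A comment at this call should state the constraint, for example `// devMode only: the stack trace is exposed to the client; keep devMode off in production`. The enclosing method starts and ends outside the hunk, so how `devMode` is set cannot be confirmed from here.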
@@ -249,4 +249,10 @@ public class Dispatcher extends HttpServlet {
 }
 }, 18); // enough time for the last local request to complete
 }
+
+ private static Cookie createCookie(String name, String val) {
+ Cookie cookie = new Cookie(name, val);
+ cookie.setHttpOnly(true);
+ return cookie;
+ }
 }
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-web-proxy/src/main/java/org/apache/hadoop/yarn/server/webproxy/WebAppProxyServlet.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-web-proxy/src/main/java/org/apache/hadoop/yarn/server/webproxy/WebAppProxyServlet.java
index f21ff2c37df..8b6bdf97b12 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-web-proxy/src/main/java/org/apache/hadoop/yarn/server/webproxy/WebAppProxyServlet.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-web-proxy/src/main/java/org/apache/hadoop/yarn/server/webproxy/WebAppProxyServlet.java
@@ -271,6 +271,7 @@ public class WebAppProxyServlet extends HttpServlet {
 private static Cookie makeCheckCookie(ApplicationId id, boolean isSet) {
 Cookie c = new Cookie(getCheckCookieName(id),String.valueOf(isSet));
+ c.setHttpOnly(true);
 c.setPath(ProxyUriUtils.getPath(id));
 c.setMaxAge(60 * 60 * 2); //2 hours in seconds
 return c;
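Review bot: `createCookie` sets HttpOnly but leaves the Secure attribute at its default, so when the web UI is served over HTTPS these cookies can still be sent on a plaintext request to the same host. The same gap applies to `makeCheckCookie` in the WebAppProxyServlet.java hunk. Because the helper is static and has no request in scope, one option is for callers to follow it with `cookie.setSecure(req.isSecure());`, assuming a request object is available at those call sites, which these hunks do not show. The helper would also benefit from a one-line Javadoc such as `/** Creates a cookie with HttpOnly set so page scripts cannot read it. */`. The diffstat lists no test file, so nothing in this patch asserts that the attribute is present on the response.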