YARN-8868. Set HTTPOnly attribute to Cookie. Contributed by Chandni Singh.
(cherry picked from commit 2202e00ba8
)
parent
28a1cabb72
commit
30998fea28
|
@ -179,10 +179,10 @@ public class Dispatcher extends HttpServlet {
|
||||||
String st = devMode ? ErrorPage.toStackTrace(e, 1024 * 3) // spec: min 4KB
|
String st = devMode ? ErrorPage.toStackTrace(e, 1024 * 3) // spec: min 4KB
|
||||||
: "See logs for stack trace";
|
: "See logs for stack trace";
|
||||||
res.setStatus(res.SC_FOUND);
|
res.setStatus(res.SC_FOUND);
|
||||||
Cookie cookie = new Cookie(STATUS_COOKIE, String.valueOf(500));
|
Cookie cookie = createCookie(STATUS_COOKIE, String.valueOf(500));
|
||||||
cookie.setPath(path);
|
cookie.setPath(path);
|
||||||
res.addCookie(cookie);
|
res.addCookie(cookie);
|
||||||
cookie = new Cookie(ERROR_COOKIE, st);
|
cookie = createCookie(ERROR_COOKIE, st);
|
||||||
cookie.setPath(path);
|
cookie.setPath(path);
|
||||||
res.addCookie(cookie);
|
res.addCookie(cookie);
|
||||||
res.setHeader("Location", path);
|
res.setHeader("Location", path);
|
||||||
|
@ -196,7 +196,7 @@ public class Dispatcher extends HttpServlet {
|
||||||
public static void removeCookie(HttpServletResponse res, String name,
|
public static void removeCookie(HttpServletResponse res, String name,
|
||||||
String path) {
|
String path) {
|
||||||
LOG.debug("removing cookie {} on {}", name, path);
|
LOG.debug("removing cookie {} on {}", name, path);
|
||||||
Cookie c = new Cookie(name, "");
|
Cookie c = createCookie(name, "");
|
||||||
c.setMaxAge(0);
|
c.setMaxAge(0);
|
||||||
c.setPath(path);
|
c.setPath(path);
|
||||||
res.addCookie(c);
|
res.addCookie(c);
|
||||||
|
@ -249,4 +249,10 @@ public class Dispatcher extends HttpServlet {
|
||||||
}
|
}
|
||||||
}, 18); // enough time for the last local request to complete
|
}, 18); // enough time for the last local request to complete
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private static Cookie createCookie(String name, String val) {
|
||||||
|
Cookie cookie = new Cookie(name, val);
|
||||||
|
cookie.setHttpOnly(true);
|
||||||
|
return cookie;
|
||||||
|
}
|
||||||
}
|
}
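Review bot: `createCookie` at the end of this file section sets only HttpOnly and leaves the Secure attribute at its default, and `makeCheckCookie` in the WebAppProxyServlet section does the same. On a deployment served over HTTPS the status and error cookies, the latter holding a stack trace when devMode is on, could then still accompany a plain-HTTP request to the same host. If a request object is in scope at the call sites (their enclosing methods start outside the hunks, so this is not visible here), the helper could take a flag and call `cookie.setSecure(secure);` with callers passing `req.isSecure()`. A short comment on the helper, e.g. `// HttpOnly keeps these cookies out of reach of page scripts`, would also tell later contributors to route new cookies through it.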
|
||||||
|
|
|
@ -271,6 +271,7 @@ public class WebAppProxyServlet extends HttpServlet {
|
||||||
|
|
||||||
private static Cookie makeCheckCookie(ApplicationId id, boolean isSet) {
|
private static Cookie makeCheckCookie(ApplicationId id, boolean isSet) {
|
||||||
Cookie c = new Cookie(getCheckCookieName(id),String.valueOf(isSet));
|
Cookie c = new Cookie(getCheckCookieName(id),String.valueOf(isSet));
|
||||||
|
c.setHttpOnly(true);
|
||||||
c.setPath(ProxyUriUtils.getPath(id));
|
c.setPath(ProxyUriUtils.getPath(id));
|
||||||
c.setMaxAge(60 * 60 * 2); //2 hours in seconds
|
c.setMaxAge(60 * 60 * 2); //2 hours in seconds
|
||||||
return c;
|
return c;
|
||||||
|
|