YARN-8868. Set HTTPOnly attribute to Cookie. Contributed by Chandni Singh.

(cherry picked from commit 2202e00ba8)
This commit is contained in:
Sunil G 2018-10-18 15:22:50 +05:30
parent 28a1cabb72
commit 30998fea28
2 changed files with 10 additions and 3 deletions

View File

@ -179,10 +179,10 @@ public class Dispatcher extends HttpServlet {
String st = devMode ? ErrorPage.toStackTrace(e, 1024 * 3) // spec: min 4KB String st = devMode ? ErrorPage.toStackTrace(e, 1024 * 3) // spec: min 4KB
: "See logs for stack trace"; : "See logs for stack trace";
res.setStatus(res.SC_FOUND); res.setStatus(res.SC_FOUND);
Cookie cookie = new Cookie(STATUS_COOKIE, String.valueOf(500)); Cookie cookie = createCookie(STATUS_COOKIE, String.valueOf(500));
cookie.setPath(path); cookie.setPath(path);
res.addCookie(cookie); res.addCookie(cookie);
cookie = new Cookie(ERROR_COOKIE, st); cookie = createCookie(ERROR_COOKIE, st);
cookie.setPath(path); cookie.setPath(path);
res.addCookie(cookie); res.addCookie(cookie);
res.setHeader("Location", path); res.setHeader("Location", path);
@ -196,7 +196,7 @@ public class Dispatcher extends HttpServlet {
public static void removeCookie(HttpServletResponse res, String name, public static void removeCookie(HttpServletResponse res, String name,
String path) { String path) {
LOG.debug("removing cookie {} on {}", name, path); LOG.debug("removing cookie {} on {}", name, path);
Cookie c = new Cookie(name, ""); Cookie c = createCookie(name, "");
c.setMaxAge(0); c.setMaxAge(0);
c.setPath(path); c.setPath(path);
res.addCookie(c); res.addCookie(c);
@ -249,4 +249,10 @@ public class Dispatcher extends HttpServlet {
} }
}, 18); // enough time for the last local request to complete }, 18); // enough time for the last local request to complete
} }
private static Cookie createCookie(String name, String val) {
Cookie cookie = new Cookie(name, val);
cookie.setHttpOnly(true);
return cookie;
}
} }

View File

@ -271,6 +271,7 @@ public class WebAppProxyServlet extends HttpServlet {
private static Cookie makeCheckCookie(ApplicationId id, boolean isSet) { private static Cookie makeCheckCookie(ApplicationId id, boolean isSet) {
Cookie c = new Cookie(getCheckCookieName(id),String.valueOf(isSet)); Cookie c = new Cookie(getCheckCookieName(id),String.valueOf(isSet));
c.setHttpOnly(true);
c.setPath(ProxyUriUtils.getPath(id)); c.setPath(ProxyUriUtils.getPath(id));
c.setMaxAge(60 * 60 * 2); //2 hours in seconds c.setMaxAge(60 * 60 * 2); //2 hours in seconds
return c; return c;