jetty.project

History

Greg Wilkins 32931fac7b Issue #4247 SameSite Session Cookie (#4271 ) * Issue #4247 SameSite Session Cookie Allows sameSite cookie settings to be configured in SessionCookieConfig comments Signed-off-by: Greg Wilkins <gregw@webtide.com> * Issue #4247 SameSite Session Cookies Use non versioned cookie Signed-off-by: Greg Wilkins <gregw@webtide.com> * Issue #4247 SameSite Session Cookies Added test and fixed getCommentWithAttributes Signed-off-by: Greg Wilkins <gregw@webtide.com> * Issue #4247 - Updating unit tests for HttpCookie Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com> * Issue #4247 SameSite Session Cookie While it may be best practise to always use Secure cookies when SameSite is None, there is nothing in the RFC that mandates it and thus I don't believe we should prevent such a configuration. If browsers enforce this, then users will find out soon enough... and if browsers change, then we are not required to do a new release to match. Signed-off-by: Greg Wilkins <gregw@webtide.com> * Issue #4247 SameSite Session Cookie For cookie comments with multiple SameSite attributes, the most strict value is used. So `Strict` has precedence over `Lax` which has precedence over `None`. Signed-off-by: Greg Wilkins <gregw@webtide.com>	2019-11-14 11:56:40 +11:00
..
src	Issue #4247 SameSite Session Cookie (#4271 )	2019-11-14 11:56:40 +11:00
pom.xml	Issue #4243 invalid json error response from ErrorHandler (#4249 )	2019-11-06 09:09:44 +10:00

Issue #4247 SameSite Session Cookie (#4271 )

* Issue #4247 SameSite Session Cookie

Allows sameSite cookie settings to be configured in SessionCookieConfig comments

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* Issue #4247 SameSite Session Cookies

Use non versioned cookie

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* Issue #4247 SameSite Session Cookies

Added test and fixed getCommentWithAttributes

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* Issue #4247 - Updating unit tests for HttpCookie

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>

* Issue #4247 SameSite Session Cookie

While it may be best practise to always use Secure cookies when SameSite is None, there is nothing in the RFC that mandates it and thus I don't believe we should prevent such a configuration.  If browsers enforce this, then users will find out soon enough... and if browsers change, then we are not required to do a new release to match.

Signed-off-by: Greg Wilkins <gregw@webtide.com>

* Issue #4247 SameSite Session Cookie

For cookie comments with multiple SameSite attributes, the most strict
value is used. So `Strict` has precedence over `Lax` which has
precedence over `None`.

Signed-off-by: Greg Wilkins <gregw@webtide.com>

2019-11-14 11:56:40 +11:00

src

Issue #4247 SameSite Session Cookie (#4271 )

2019-11-14 11:56:40 +11:00

pom.xml

Issue #4243 invalid json error response from ErrorHandler (#4249 )

2019-11-06 09:09:44 +10:00